Lucene search
+L

193 matches found

Positive Technologies
Positive Technologies
added 2025/01/29 12:0 a.m.9 views

PT-2025-5569 · Snowflake · Snowflake-Connector-Net

Name of the Vulnerable Software and Affected Versions: snowflake-connector-net versions 2.0.12 through 4.2.0 Description: The issue arises when files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine...

5CVSS7.1AI score0.00141EPSS
Exploits0References9
OSV
OSV
added 2024/10/16 12:15 p.m.39 views

UBUNTU-CVE-2023-32190

mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...

8.5CVSS5.9AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.7 views

PT-2024-12299 · Mlocate · Mlocate

Name of the Vulnerable Software and Affected Versions: mlocate affected versions not specified Description: The issue allows the RUN UPDATEDB AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. This is due to mlocate's %post script...

8.5CVSS6.7AI score0.00202EPSS
Exploits0References13
OSV
OSV
added 2024/10/01 3:37 p.m.8 views

CLSA-2024-1727797025 Fix CVE(s): CVE-2024-32002

SECURITY UPDATE: Hardlink creation to arbitrary user-readable files - debian/patches/CVE-2024-32002.patch: submodule paths must not contain symlinks - CVE-2024-32002...

9CVSS7.4AI score0.25334EPSS
Exploits32References1
OSV
OSV
added 2024/09/16 2:15 a.m.30 views

UBUNTU-CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

9.1CVSS5.8AI score0.00555EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.10 views

RHEL 7 : vim (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - vim: Integer overflow at an unserializeuep memory allocation site CVE-2017-6350 - VIM version 8.0.1187 an...

9.8CVSS8.3AI score0.03389EPSS
Exploits5References12
BDU FSTEC
BDU FSTEC
added 2024/05/30 12:0 a.m.6 views

The vulnerability of the distributed Git version control system, related to improper preservation of permissions, allows a violator to create hard links to any readable file within the same file system.

The vulnerability of the distributed Git version control system relates to access to the database of objects in another user’s target repository. Exploiting this vulnerability allows a perpetrator to create hard links to any readable files within the same file system...

3.9CVSS6.6AI score0.00519EPSS
Exploits1References7Affected Software6
BDU FSTEC
BDU FSTEC
added 2024/05/24 12:0 a.m.5 views

The vulnerability of the distributed Git version control system, related to the use of pre-installed security-related data, allows a hacker to create hard links to any readable file within the same file system.

The vulnerability of the distributed Git version control system is related to the use of pre-installed data related to security. Exploiting this vulnerability allows a attacker to create hard links to any readable file within the same file system...

3.9CVSS6.6AI score0.00956EPSS
Exploits1References14Affected Software11
NOZOMI
NOZOMI
added 2024/05/15 12:0 a.m.9 views

Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0

Summary On Windows systems, the Arc configuration files resulted to be world-readable. Impact This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files. Mitigation N/A Solution Upgrade to v1.6.0 or later...

5.2CVSS6AI score0.00145EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/05/14 8:15 p.m.35 views

CVE-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...

7.1CVSS6.9AI score0.00956EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2024/05/14 7:15 p.m.30 views

CVE-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...

7.1CVSS7.5AI score0.00956EPSS
Exploits1
OSV
OSV
added 2024/04/19 5:15 a.m.4 views

CVE-2024-29962

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary...

5.5CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2024/04/13 4:56 p.m.6 views

MGASA-2024-0131 Updated rear packages fix security vulnerability

Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301...

5.5CVSS6.6AI score0.00291EPSS
Exploits1References2
Veracode
Veracode
added 2024/04/04 7:58 a.m.38 views

Local File Inclusion

voila is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of file paths within app.py which allows an attacker to access readable files on the server's filesystem...

7.5CVSS6.7AI score0.00725EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2023/08/09 2:20 p.m.54 views

Moderate: Red Hat Security Advisory: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements

An updated version of Red Hat Update Infrastructure RHUI is now available. RHUI 4.5 fixes several security and operational bugs and also adds several new features. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and...

9.8CVSS6.6AI score0.0138EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.4 views

SUSE CVE-2005-2945

arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by 1 arc arc.c or 2 marc marc.c...

2.1CVSS6.2AI score0.00364EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.3 views

SUSE CVE-2005-3088

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...

2.1CVSS6.2AI score0.00453EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.8 views

SUSE CVE-2011-3177

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks...

7.8CVSS6.5AI score0.00311EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.3 views

SUSE CVE-2012-5577

Python keyring lib before 0.10 created keyring files with world-readable permissions...

7.5CVSS7AI score0.0146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.3 views

SUSE CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

8.4CVSS6.4AI score0.00311EPSS
Exploits0References9
Rows per page
Query Builder