Code injection
In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles...
net/eternalterminal -- Multiple vulnerabilities
Mitre reports: etserver and etclient have predictable logfile names in /tmp and they are world-readable logfiles...
CVE-2022-48258
In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles...
PT-2023-15654 · Unknown · Eternal Terminal
Name of the Vulnerable Software and Affected Versions: Eternal Terminal version 6.2.1 Description: The issue concerns world-readable logfiles in etserver and etclient. Recommendations: For Eternal Terminal version 6.2.1, restrict access to the logfiles of etserver and etclient to prevent...
CVE-2022-48258
CVE-2022-48258 affects EternalTerminal 6.2.1; etserver and etclient create world-readable logfiles, enabling potential exposure of logs containing sensitive data. The CVSS v3.1 base score is 5.3 (Medium) with Confidentiality impact Low. Remediation: update to 6.2.8 (and related package fixes) as ...
UBUNTU-CVE-2022-47927
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files inclu...
Generalized frontrunning risk for claiming winnings due to request.currentChosenTokenId being public
Lines of code Vulnerability details Impact The function VRFNFTRandomDraw.sol:fulfillRandomWords called by Chainlink receives an array of random words, and uses it to choose a random offset by which the winning tokenId is selected. The chosen tokenId is stored on the public request variable in the...
Debian: Security Advisory (DLA-3229-1)
The remote host is missing an update for the Debian...
Debian dla-3229 : node-log4js - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3229 advisory. Debian LTS Advisory DLA-3229-1 https://www.debian.org/lts/security/...
mediawiki -- multiple vulnerabilities
MediaWiki reports: T322637, CVE-2022-PENDING SECURITY: Make sqlite DB files not world readable...
DEBIAN-CVE-2022-46338
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data...
CVE-2022-46338
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data...
MPXJ security vulnerability
MPXJ is an open source library by individual developer Jon Iles. It is used to read and write project plans from various file formats and databases. A security vulnerability exists in MPXJ versions prior to 10.14.1 that stems from the use of File.createTempFile... This causes a temporary file t...
PT-2022-26181 · Mpxj · Mpxj
Name of the Vulnerable Software and Affected Versions: MPXJ versions prior to 10.14.1 Description: MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems, MPXJ's use of File.createTempFile.. results in temporary...
Oracle Linux 9 : logrotate (ELSA-2022-8393)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-8393 advisory. - fix potential DoS from unprivileged users via the state file CVE-2022-1348 Mon Aug 09 2021 Mohan Boddu Tenable has extracted the preceding description block...
AlmaLinux 9 : logrotate (ALSA-2022:8393)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:8393 advisory. - A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate...
Wire log information disclosure vulnerability
Wire is a chat application from the German company Wire. The software supports Web, Windows, iOS, Android, and OS X platforms, and offers group functionality, voice calls, photo sending, and its own greeting feature, PING. Wire 3.22.3993 and earlier versions contain an information disclosure...
logrotate: potential DoS from unprivileged users via the state file
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...
netty: world readable temporary file containing sensitive data
CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled...