GO-2024-3007 snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd

snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

PT-2023-21678 · Unknown +2 · Stellarium +2

Name of the Vulnerable Software and Affected Versions: Stellarium versions through 1.2 Description: The issue allows attackers to write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. Recommendations: For Stellarium versions through 1.2,...

PT-2022-13939 · Gruntjs +3 · Gruntjs +3

Name of the Vulnerable Software and Affected Versions: GruntJS versions prior to 1.5.3 Description: The issue concerns a TOCTOU Time-of-Check-to-Time-of-Use race condition in file.copy operations. This can lead to arbitrary file writes, potentially resulting in local privilege escalation if a...