Lucene search
K

706 matches found

EUVD
EUVD
added 2026/07/06 8:16 p.m.7 views

EUVD-2026-24988

mkdir: -m exposes directory with umask perms before chmod race window...

3.3CVSS5.9AI score0.00102EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/06 7:52 p.m.7 views

CVE-2026-13769

A flaw was found in AWS CLI. Overly permissive file permissions on Unix-like systems, where the umask has not been configured to restrict file permissions, may allow other local users on the same host to read credentials. This occurs when certain AWS CLI subcommands, such as aws codeartifact logi...

6.8CVSS5.9AI score0.00101EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 6:34 p.m.4 views

CVE-2026-13769 Overly permissive File Permissions in AWS CLI

Overly permissive file permissions in AWS CLI before 1.44.78 v1 and 2.34.29 v2 on Unix-like systems where the umask has not been configured to restrict file permissions the default on most systems may allow other local users on the same host to read credentials written by certain CLI subcommands...

6.8CVSS5.9AI score0.00101EPSS
Exploits0References6
OSV
OSV
added 2026/05/26 5:16 p.m.8 views

DEBIAN-CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.24 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.5CVSS0.00127EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43311

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.10 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.9AI score0.00127EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/26 12:0 a.m.15 views

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.5CVSS5.9AI score0.00127EPSS
Exploits0
EUVD
EUVD
added 2026/05/26 12:0 a.m.12 views

EUVD-2026-31899

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ was used. The intermediate-level directories of the filesystem cache had the system’s standard umask instead of 0o077...

7.5CVSS7.4AI score0.0327EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Upon startup, Redis begins listening on Unix sockets before adjusting its permissions to the configuration provided by the user. If a permissive umask value is used, this can create a race condition that allows another process to establis...

3.6CVSS6.6AI score0.00444EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:3 p.m.9 views

CVE-2026-45246

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

6.8CVSS5.8AI score0.00137EPSS
Exploits1References5
OSV
OSV
added 2026/04/29 4:12 p.m.7 views

CLSA-2026-1777479123 openssh: Fix of CVE-2026-35385

CVE-2026-35385: scp legacy -O mode privilege escalation via umask bypass...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:54 p.m.7 views

CVE-2026-40556

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/24 8:33 p.m.7 views

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS5.2AI score0.00102EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 6:31 p.m.6 views

GHSA-VF87-345H-9QHX Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj6p-44ch-cq69. This link is maintained to preserve external references. Original Description The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory...

3.3CVSS5.9AI score0.00102EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/22 6:31 p.m.7 views

EUVD-2026-24996

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions e.g., 0644 before being restricted to their final mode e.g., 0600 later in the process. A local attacker can race to open the file...

4.7CVSS5.7AI score0.00091EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.11 views

Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj6p-44ch-cq69. This link is maintained to preserve external references. Original Description The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory...

3.3CVSS5.9AI score0.00102EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

uutils coreutils has an Incorrect Permission Assignment for Critical Resource

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.2AI score0.00114EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.6 views

GHSA-W8M4-4V35-V6X3 Duplicate Advisory: uutils coreutils allows unauthorized modification of permissions on existing files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pmf6-rcx4-v53v. This link is maintained to preserve external references. Original Description A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files...

7.1CVSS6AI score0.00165EPSS
Exploits1References3
Rows per page
Query Builder