
9 matches found

Positive Technologies
added 2026/04/22 12:0 a.m., 9 views

PT-2026-34489

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

CVSS 3.3, AI score 5.7, EPSS 0.00102
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003985)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003985 advisory. In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka...

CVSS 7.1, AI score 6.4, EPSS 0.00361
Exploits: 0, References: 13
OSV
added 2025/03/07 3:26 p.m., 5 views

OESA-2025-1237 rust security update

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator. Security Fixes: Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not...

CVSS 7.9, AI score 6.8, EPSS 0.00763
Exploits: 0, References: 3
RedHat Linux
added 2023/08/15 12:13 a.m., 3 views

rust-cargo: cargo does not respect the umask when extracting dependencies

A flaw was found in the rust-cargo package. Cargo, as bundled with the Rust compiler, did not respect the umask when extracting dependency tarballs and caching the extraction for future builds. If a dependency contained files with 0777 permissions, another local user could edit the cache of the...

CVSS 7.9, AI score 5.9, EPSS 0.00763
Exploits: 0, References: 5
OSV
added 2023/08/03 12:0 p.m., 4 views

UBUNTU-CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

CVSS 7.9, AI score 7, EPSS 0.00763
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 6:11 a.m., 6 views

SUSE CVE-2007-3740

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges...

CVSS 4.4, AI score 6.6, EPSS 0.0038
Exploits: 0, References: 5
RedHat Linux
added 2021/02/02 12:11 p.m., 2 views

kernel: Nfsd failure to clear umask after processing an open or create

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

CVSS 4.9, AI score 6.2, EPSS 0.01347
Exploits: 0, References: 5
OSV
added 2017/10/31 8:29 p.m., 7 views

CVE-2017-1000383

GNU Emacs version 25.3.1 and other versions most likely ignores umask when creating a backup save file "ORIGINALFILENAME" resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary...

CVSS 5.5, AI score 5.7, EPSS 0.00424
Exploits: 0, References: 2
securityvulns
added 2014/11/24 12:0 a.m., 32 views

mountall privilege escalation

umask is handled incorrectly...

CVSS 7.2, AI score 2.6, EPSS 0.00507
Exploits: 0, References: 1, Affected Software: 1