Lucene search
K

43 matches found

Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.14 views

PT-2026-26067

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

8.2CVSS5.9AI score0.00127EPSS
Exploits1References5
EUVD
EUVD
added 2025/11/26 1:12 a.m.6 views

EUVD-2025-199667

CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...

6.9CVSS6.6AI score0.00099EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2001-0598

Malware in sbrugna...

4.6CVSS6.4AI score0.00471EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-15860

Malware in sbrugna...

7CVSS6.9AI score0.00584EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-1999-1405

Malware in sbrugna...

6.2CVSS6.4AI score0.0028EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.7 views

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.

...

7.8CVSS7AI score0.00761EPSS
Exploits1
Cvelist
Cvelist
added 2024/05/15 4:6 p.m.23 views

CVE-2023-5937 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0

On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files...

5.2CVSS4.3AI score0.00145EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/01/31 9:30 a.m.22 views

Spring Cloud Contract vulnerable to local information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

5.5CVSS6.6AI score0.00223EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/01/31 7:15 a.m.31 views

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

5.5CVSS4.4AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 7:15 a.m.22 views

CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

5.5CVSS6.6AI score0.00223EPSS
Exploits0References1
Prion
Prion
added 2024/01/31 7:15 a.m.18 views

Information disclosure

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

1.7CVSS6.6AI score0.00223EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/31 12:0 a.m.6 views

PT-2024-19288 · Google +1 · Guava +1

Name of the Vulnerable Software and Affected Versions: Spring Cloud Contract versions 3.1.x prior to 3.1.10 Spring Cloud Contract versions 4.0.x prior to 4.0.5 Spring Cloud Contract versions 4.1.x prior to 4.1.1 Description: The issue concerns local information disclosure via a temporary director...

5.5CVSS5.2AI score0.00223EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.3 views

SUSE CVE-2011-1836

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...

4.6CVSS6.6AI score0.00378EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 7:57 p.m.26 views

Ansible sets unsafe permissions for sources.list

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format...

5.5CVSS6.1AI score0.00362EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/17 7:57 p.m.18 views

GHSA-6667-F46P-PG88 Ansible sets unsafe permissions for sources.list

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format...

6.8CVSS5AI score0.00362EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/04/11 12:0 a.m.5 views

PT-2022-3217 · D Link · D-Link Dsl-G2452Dg

Name of the Vulnerable Software and Affected Versions: D-Link DSL-G2452DG version ME 2.00 Description: The issue is related to insecure permissions in the implementation of the execute cmd.cgi script in the D-Link DSL-G2452DG router's firmware. This could allow an attacker to execute arbitrary...

9.8CVSS9.6AI score0.03051EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2022/03/23 8:22 a.m.5 views

guava: local information disclosure via temporary directory created with unsafe permissions

A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure...

3.3CVSS6.8AI score0.00964EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/03/22 3:33 p.m.4 views

guava: local information disclosure via temporary directory created with unsafe permissions

A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure...

3.3CVSS6.8AI score0.00964EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/02/21 7:30 a.m.45 views

CVE-2021-45083

A flaw was found in cobbler. The vulnerability occurs due to unsafe permissions on sensitive files in /etc/cobbler and leads to cleartext transmission. This flaw allows an attacker to interact and read sensitive configuration files...

7.1CVSS4.1AI score0.00306EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/02/19 12:0 a.m.13 views

SUSE: Security Advisory (SUSE-SU-2022:14891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS8.4AI score0.00306EPSS
Exploits0References5
Rows per page
Query Builder