43 matches found
PT-2026-26067
When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...
EUVD-2025-199667
CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...
EUVD-2001-0598
Malware in sbrugna...
EUVD-2021-15860
Malware in sbrugna...
EUVD-1999-1405
Malware in sbrugna...
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
...
CVE-2023-5937 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files...
Spring Cloud Contract vulnerable to local information disclosure
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
Information disclosure
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
PT-2024-19288 · Google +1 · Guava +1
Name of the Vulnerable Software and Affected Versions: Spring Cloud Contract versions 3.1.x prior to 3.1.10 Spring Cloud Contract versions 4.0.x prior to 4.0.5 Spring Cloud Contract versions 4.1.x prior to 4.1.1 Description: The issue concerns local information disclosure via a temporary director...
SUSE CVE-2011-1836
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...
Ansible sets unsafe permissions for sources.list
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format...
GHSA-6667-F46P-PG88 Ansible sets unsafe permissions for sources.list
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format...
PT-2022-3217 · D Link · D-Link Dsl-G2452Dg
Name of the Vulnerable Software and Affected Versions: D-Link DSL-G2452DG version ME 2.00 Description: The issue is related to insecure permissions in the implementation of the execute cmd.cgi script in the D-Link DSL-G2452DG router's firmware. This could allow an attacker to execute arbitrary...
guava: local information disclosure via temporary directory created with unsafe permissions
A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure...
guava: local information disclosure via temporary directory created with unsafe permissions
A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure...
CVE-2021-45083
A flaw was found in cobbler. The vulnerability occurs due to unsafe permissions on sensitive files in /etc/cobbler and leads to cleartext transmission. This flaw allows an attacker to interact and read sensitive configuration files...
SUSE: Security Advisory (SUSE-SU-2022:14891-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...