42 matches found

Github Security Blog
added 2026/04/29 10:28 p.m. · 24 views

Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (0o666 for files, 0o777 for directories), leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...

CVSS 4.8 · AI score 5.3 · EPSS 0.00012
Exploits: 0 · References: 3 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2006-2542

Malware in sbrugna...

CVSS 2.1 · AI score 6.1 · EPSS 0.00044
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2002-1501

Malware in sbrugna...

CVSS 3.6 · AI score 6.4 · EPSS 0.00078
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-8395

Malware in sbrugna...

CVSS 7.8 · AI score 7.5 · EPSS 0.00044
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-7995

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.00105
Exploits: 1 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2001-0406

Malware in sbrugna...

CVSS 2.1 · AI score 6.4 · EPSS 0.00378
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2004-2125

Malware in sbrugna...

CVSS 4.6 · AI score 6.4 · EPSS 0.00078
Exploits: 1 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2008-0068

Malware in sbrugna...

CVSS 7.2 · AI score 6.4 · EPSS 0.00045
Exploits: 1 · References: 10

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-38303

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 5.3 · EPSS 0.00441
Exploits: 1 · References: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-52991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users...

CVSS 3.2 · AI score 5.4 · EPSS 0.00082
Exploits: 0 · References: 3

RedhatCVE
added 2025/08/13 12:43 p.m. · 2 views

CVE-2025-8941

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. Mitigation: Disable the pam_namespace...

CVSS 7.8 · AI score 6.4 · EPSS 0.00072
Exploits: 0 · References: 3

OSV
added 2025/06/27 2:15 p.m. · 2 views

DEBIAN-CVE-2025-52991

The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data...

CVSS 3.2 · AI score 5.3 · EPSS 0.00082
Exploits: 0 · References: 1

Vulnrichment
added 2024/09/03 7:7 p.m. · 14 views

CVE-2024-45310 runc can be confused to create empty files/directories on the host

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 · AI score 7 · EPSS 0.0015
Exploits: 0 · References: 5

OSV
added 2023/05/29 8:15 p.m. · 2 views

DEBIAN-CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

CVSS 5.3 · AI score 5.2 · EPSS 0.00015
Exploits: 0 · References: 1

OSV
added 2022/08/23 8:15 p.m. · 2 views

ALPINE-CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

CVSS 5.5 · AI score 6.5 · EPSS 0.00171
Exploits: 3 · References: 1

Positive Technologies
added 2021/06/09 12:0 a.m. · 2 views

PT-2021-20890 · Red Hat · Ansible Automation Platform +2

Name of the Vulnerable Software and Affected Versions: Ansible Tower version 3.7, Ansible Automation Platform version 1.2. Description: A flaw was found in Ansible related to the setting of the ANSIBLE_ASYNC_DIR variable to a subdirectory of a world-writable directory, leading to a race condition o...

CVSS 2.5 · AI score 7.3
Exploits: 0 · References: 6

OSV
added 2021/04/21 10:15 p.m. · 1 views

CVE-2020-27568

Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security...

CVSS 7.5 · AI score 5.7
Exploits: 0 · References: 1

OSV
added 2019/04/17 3:29 p.m. · 0 views

CVE-2019-8453

Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client...

CVSS 5.5 · AI score 6
Exploits: 0 · References: 2

OpenVAS
added 2019/01/09 12:0 a.m. · 9 views

Linux: Sticky bit on all world-writable directories

Setting the sticky bit on world writable directories prevents users from deleting or renaming files in that directory that are not owned by them. This feature prevents the ability to delete or rename files in world writable directories such as /tmp that are owned by another user...

AI score 7.2
Exploits: 0 · References: 4

Prion
added 2018/09/26 10:29 p.m. · 9 views

Privilege escalation

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 durin...

CVSS 4.6 · AI score 7.7 · EPSS 0.00044
Exploits: 0 · References: 1 · Affected Software: 1