Lucene search
K

24 matches found

OSV
OSV
added 2026/06/30 6:7 p.m.4 views

GHSA-55F6-4PR5-C7M5 Kahi has privilege-drop and socket/log permission issues

Kahi releases up to and including v0.1.0-alpha.8 contain three privilege/permission issues, all fixed in v0.1.0-alpha.9. They were identified in a full-codebase security review on 2026-05-26. Affected versions All releases = v0.1.0-alpha.8. Patched version v0.1.0-alpha.9. Details 1. Per-process...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/27 9:16 a.m.9 views

CVE-2026-45258

dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to ...

7.8CVSS0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 8:48 a.m.37 views

CVE-2026-49417 Multiple vulnerabilities in the sound(4) mmap path

Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...

0.00125EPSS
Exploits0References1
CVE
CVE
added 2026/06/27 8:48 a.m.30 views

CVE-2026-49417

CVE-2026-49417 is part of two memory-safety issues in FreeBSD’s sound(4) mmap path. The advisories describe: (1) dsp_mmap_single() could overflow when validating a requested mapping, allowing a mapping to extend past the audio buffer into kernel memory (CVE-2026-45258), and (2) the audio buffer b...

7CVSS5.9AI score0.00125EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53063

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the audio buffer backing a mapping could be freed upon closing the device while the mapping remains valid. This allows the freed memory to ...

7CVSS6.1AI score0.00125EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/05 6:55 p.m.6 views

EUVD-2026-27434

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...

6.8CVSS5.9AI score0.00242EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 10:59 a.m.6 views

CLSA-2026-1776941944 tigervnc: Fix of CVE-2026-34352

CVE-2026-34352: fix world-accessible SHM segment in x0vncserver by changing shmget mode from 0777 to 0600 in ShmImage::Init...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 6:38 p.m.5 views

CVE-2025-10937

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

6.8CVSS7AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/23 9:31 p.m.4 views

EUVD-2025-35720

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

6.8CVSS6.5AI score0.00156EPSS
Exploits0References5
NVD
NVD
added 2025/10/23 7:15 p.m.5 views

CVE-2025-10937

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

6.8CVSS0.00156EPSS
Exploits0References4
CVE
CVE
added 2025/10/23 6:24 p.m.13 views

CVE-2025-10937

CVE-2025-10937 concerns Oxford Nanopore MinKNOW (versions up to 24.11). The DoS arises from how a local authentication token is written to a temporary file, created in /tmp and world-accessible, allowing an unauthenticated local user/process to place a file lock (flock) on the token file, prevent...

6.8CVSS6.7AI score0.00156EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-10692

Malware in sbrugna...

6.1CVSS7.9AI score0.01143EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/12/16 1:43 a.m.2 views

SUSE CVE-2023-49342

Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

7.8CVSS6.3AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 2023/12/14 12:0 a.m.1 views

UBUNTU-CVE-2023-49345

Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

7.8CVSS5.8AI score0.00303EPSS
Exploits0References4
OSV
OSV
added 2023/12/14 12:0 a.m.2 views

UBUNTU-CVE-2023-49346

Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

7.8CVSS5.8AI score0.00303EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2023/06/26 12:0 a.m.212 views

WordPress Duplicator 4.0.5 Backup DIsclosure

==================================================================================================================================== | Title : WordPress - Duplicator 4.0.5 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.3 views

SUSE CVE-2016-9903

Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox 50.1...

6.1CVSS6.5AI score0.01143EPSS
Exploits0References20
NVD
NVD
added 2020/04/10 12:15 a.m.11 views

CVE-2019-7305

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information...

9.8CVSS7.9AI score0.01833EPSS
Exploits0References1
Veracode
Veracode
added 2019/09/17 3:1 a.m.18 views

Insecure Session Management

github.com/astaxie/beego uses an insecure session management. The excessive permissions configured on session files allows a local attacker to manipulate and modify session files before the application creates it in the world-accessible folder...

4.7CVSS2.4AI score0.00199EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/11 9:29 p.m.3 views

CVE-2016-9903

Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox 50.1...

6.1CVSS6.8AI score0.01143EPSS
Exploits0References4
Rows per page
Query Builder