24 matches found
GHSA-55F6-4PR5-C7M5 Kahi has privilege-drop and socket/log permission issues
Kahi releases up to and including v0.1.0-alpha.8 contain three privilege/permission issues, all fixed in v0.1.0-alpha.9. They were identified in a full-codebase security review on 2026-05-26. Affected versions All releases = v0.1.0-alpha.8. Patched version v0.1.0-alpha.9. Details 1. Per-process...
CVE-2026-45258
dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to ...
CVE-2026-49417 Multiple vulnerabilities in the sound(4) mmap path
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...
CVE-2026-49417
CVE-2026-49417 is part of two memory-safety issues in FreeBSD’s sound(4) mmap path. The advisories describe: (1) dsp_mmap_single() could overflow when validating a requested mapping, allowing a mapping to extend past the audio buffer into kernel memory (CVE-2026-45258), and (2) the audio buffer b...
PT-2026-53063
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the audio buffer backing a mapping could be freed upon closing the device while the mapping remains valid. This allows the freed memory to ...
EUVD-2026-27434
Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...
CLSA-2026-1776941944 tigervnc: Fix of CVE-2026-34352
CVE-2026-34352: fix world-accessible SHM segment in x0vncserver by changing shmget mode from 0777 to 0600 in ShmImage::Init...
CVE-2025-10937
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
EUVD-2025-35720
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
CVE-2025-10937
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
CVE-2025-10937
CVE-2025-10937 concerns Oxford Nanopore MinKNOW (versions up to 24.11). The DoS arises from how a local authentication token is written to a temporary file, created in /tmp and world-accessible, allowing an unauthenticated local user/process to place a file lock (flock) on the token file, prevent...
EUVD-2016-10692
Malware in sbrugna...
SUSE CVE-2023-49342
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...
UBUNTU-CVE-2023-49345
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...
UBUNTU-CVE-2023-49346
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...
WordPress Duplicator 4.0.5 Backup DIsclosure
==================================================================================================================================== | Title : WordPress - Duplicator 4.0.5 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
SUSE CVE-2016-9903
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox 50.1...
CVE-2019-7305
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information...
Insecure Session Management
github.com/astaxie/beego uses an insecure session management. The excessive permissions configured on session files allows a local attacker to manipulate and modify session files before the application creates it in the world-accessible folder...
CVE-2016-9903
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox 50.1...