Lucene search
K

1677 matches found

Github Security Blog
Github Security Blog
added 2026/04/29 10:28 p.m.30 views

Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes 0o666 for files, 0o777 for directories, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...

4.8CVSS5.3AI score0.00119EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/22 6:31 p.m.6 views

EUVD-2026-25015

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 6:31 p.m.4 views

GHSA-5HGF-628X-MCQF uutils coreutils has an Incorrect Permission Assignment for Critical Resource

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils has an Incorrect Permission Assignment for Critical Resource

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.2AI score0.00114EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35367

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS0.00114EPSS
Exploits1References1
CVE
CVE
added 2026/04/22 4:8 p.m.13 views

CVE-2026-35367

The CVE concerns the nohup utility from the uutils coreutils project, where nohup.out is created without explicit restricted permissions, causing it to inherit umask-based permissions (typically 0644) and become world-readable. This differs from GNU coreutils, which creates nohup.out with owner-o...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.5 views

CVE-2026-35367

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.28 views

CVE-2026-35367 uutils coreutils nohup Information Disclosure via Insecure Default Output Permissions

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS0.00114EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-35367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34503

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 8:35 a.m.5 views

SUSE-SU-2026:21263-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-12748: Denial of service in XML parsing bsc1253278. - CVE-2025-13193: Information disclosure via world-readable VM snapshots bsc1253703...

5.5CVSS6AI score0.00185EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.7 views

CVE-2026-34450

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 9:15 p.m.2 views

GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/01 9:15 p.m.7 views

Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/31 10:16 p.m.7 views

CVE-2026-34450

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS0.00122EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 9:32 p.m.28 views

CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS0.00122EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:32 p.m.8 views

CVE-2026-34450

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 9:32 p.m.6 views

CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29378

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/18 4:9 p.m.29 views

Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...

5.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder