1677 matches found
Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes 0o666 for files, 0o777 for directories, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...
EUVD-2026-25015
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
GHSA-5HGF-628X-MCQF uutils coreutils has an Incorrect Permission Assignment for Critical Resource
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
uutils coreutils has an Incorrect Permission Assignment for Critical Resource
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
CVE-2026-35367
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
CVE-2026-35367
The CVE concerns the nohup utility from the uutils coreutils project, where nohup.out is created without explicit restricted permissions, causing it to inherit umask-based permissions (typically 0644) and become world-readable. This differs from GNU coreutils, which creates nohup.out with owner-o...
CVE-2026-35367
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
CVE-2026-35367 uutils coreutils nohup Information Disclosure via Insecure Default Output Permissions
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
Linux Distros Unpatched Vulnerability : CVE-2026-35367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to...
PT-2026-34503
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
SUSE-SU-2026:21263-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2025-12748: Denial of service in XML parsing bsc1253278. - CVE-2025-13193: Information disclosure via world-readable VM snapshots bsc1253703...
CVE-2026-34450
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...
CVE-2026-34450
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
CVE-2026-34450
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
PT-2026-29378
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)
Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...