Lucene search
K

1417 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/06 4:43 p.m.4 views

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/06 4:43 p.m.29 views

CVE-2026-23740

Asterisk contains a local privilege escalation flaw: if ast_coredumper writes gdb init/output to a world-writable directory (e.g., /tmp), a local attacker with write access to that directory can cause arbitrary commands to execute as root or overwrite files by manipulating the gdb init and output...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/06 4:43 p.m.4 views

CVE-2026-23740 Asterisk vulnerable to potential privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

5.9AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/06 4:43 p.m.6 views

EUVD-2026-5617

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 4:43 p.m.36 views

CVE-2026-23740 Asterisk vulnerable to potential privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

0.00112EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.52 views

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References1
OSV
OSV
added 2026/02/02 12:31 p.m.4 views

GHSA-4X5P-F36R-MXXR mlflow Creates of Temporary File in Directory with Insecure Permissions

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/02 12:31 p.m.8 views

mlflow Creates of Temporary File in Directory with Insecure Permissions

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/02/02 11:16 a.m.6 views

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS0.00215EPSS
Exploits1References2
OSV
OSV
added 2026/02/02 10:36 a.m.5 views

CVE-2025-10279 Privilege Escalation in mlflow/mlflow

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS7.3AI score0.00215EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/02 10:36 a.m.5 views

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References3
CVE
CVE
added 2026/02/02 10:36 a.m.19 views

CVE-2025-10279

CVE-2025-10279 affects mlflow 2.20.3 where the temporary directory used to create Python virtual environments is created with world-writable permissions (0o777). This insecure permission setup enables a local attacker with write access to /tmp to race and overwrite .py files inside the venv, enab...

7CVSS5.9AI score0.00215EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/02 10:36 a.m.32 views

CVE-2025-10279 Privilege Escalation in mlflow/mlflow

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS0.00215EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/02 10:36 a.m.16 views

EUVD-2025-206598

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/02 10:36 a.m.5 views

CVE-2025-10279 Privilege Escalation in mlflow/mlflow

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-5652

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.4.0 Description A flaw exists in mlflow version 2.20.3 where the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This allows an attacker with...

7CVSS7.3AI score0.00215EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: samba (CVE-2019-3870)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-3870 advisory. - A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the...

6.1CVSS5.7AI score0.00552EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : targetcli-2.1.51-4.el8 (AXSA:2020-296:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-296:01 advisory. targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands CVE-2020-10699 Tenable has extracted the preceding description...

7.8CVSS5.7AI score0.00348EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : dotnet7.0-7.0.100-0.5.rc2.el9.ML.1 (AXSA:2023-5051:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5051:06 advisory. dotnet: Nuget cache poisoning on Linux via world-writable cache directory CVE-2022-41032 Tenable has extracted the preceding description block directly from...

7.8CVSS7.5AI score0.01057EPSS
Exploits0References2
Rows per page
Query Builder