25 matches found
CVE-2022-31072
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...
EUVD-2000-0710
Malware in sbrugna...
EUVD-2001-1237
Malware in sbrugna...
EUVD-2013-4249
Malware in sbrugna...
EUVD-2022-5885
Malicious code in bioql PyPI...
EUVD-2022-6044
Malicious code in bioql PyPI...
CVE-2022-31072
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...
CVE-2022-31071
Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...
CVE-2022-31071 Octopoller gem published with world-writable files
Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...
CVE-2022-31072
The CVE affects the Ruby Octokit gem; versions 4.23.0 and 4.24.0 ship world-writable files (permissions 0666) instead of 0644, enabling modification by non-owners in affected environments. The root cause is improper packaging of files during these releases. A fix is available in Octokit 4.25.0. W...
CVE-2022-31072 Octokit gem published with world-writable files
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...
Code injection
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod works when passed a mode of '-1'...
CVE-2013-4367
CVE-2013-4367 affects ovirt-engine 3.2 running on Linux kernel 3.1 and newer, where upstream kernel behavior change with os.chmod(-1) causes certain files to become world-writable. This is a local attacker issue with potential exposure of sensitive data, as reflected by CVSS metrics (NVD CVSSv3.1...
World-writeable files may be created in additional shares on a
Description Administrators of the Samba 4.0 Active Directory Domain Controller might unexpectedly find files created world-writeable if additional CIFS file shares are created on the AD DC. By default the AD DC is not vulnerable to this issue, as a specific inheritable ACL is set on the files in...
Ubuntu 4.10 : cpio vulnerability (USN-75-1)
Recently it was discovered that cpio created world-writeable files when used in -o/--create mode with giving an output file with -O. This allowed any user to modify the created cpio archives. Now cpio respects the current umask setting of the user. Note: This vulnerability has already been fixed ...
USN-75-1: cpio vulnerability
Recently it was discovered that cpio created world-writeable files when used in -o/--create mode with giving an output file with -O. This allowed any user to modify the created cpio archives. Now cpio respects the current umask setting of the user. Note: This vulnerability has already been fixed ...
CVE-2003-0150
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...
CVE-2003-0150
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...
MySQL allows default user to be changed to root via custom "my.cnf" file
Overview MySQL reads configuration options from world-writeable files. This can lead to a remote user gaining elevated privileges. Description A message posted to the bugtraq mailing list details a vulnerability affecting versions of MySQL prior to 3.23.56. MySQL would permit users with 'FILE'...
CVE-1999-1460
BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program...