Lucene search
K

214 matches found

OSV
OSV
added 2025/02/19 7:17 a.m.6 views

BIT-PYTHON-MIN-2024-3220

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

2.3CVSS6.2AI score0.00498EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/14 4:18 p.m.18 views

CVE-2024-3220 Default mimetype known files writeable on Windows

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

2.3CVSS6.8AI score0.00498EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/20 3:38 p.m.12 views

CVE-2025-22620 gix-worktree-state nonexclusive checkout sets executable files world-writable

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

5CVSS6.6AI score0.00361EPSS
Exploits0References1
CVE
CVE
added 2025/01/20 3:38 p.m.313 views

CVE-2025-22620

Summary: CVE-2025-22620 affects gitoxide’s gix-worktree-state, where one checkout strategy can apply 0777 permissions to executable files in Unix-like systems, bypassing the umask and potentially making files world-writable. This occurs in the checkout logic depending on destination_is_initially_...

5CVSS5AI score0.00361EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/20 3:38 p.m.27 views

CVE-2025-22620 gix-worktree-state nonexclusive checkout sets executable files world-writable

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

5CVSS0.00361EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/20 12:0 a.m.6 views

gitoxide 安全漏洞

gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide versions prior to 0.17.0, which stems from the fact that files in the repository are globally writable under certain circumstances...

5CVSS6.3AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2025/01/18 12:0 p.m.13 views

RUSTSEC-2025-0001 gix-worktree-state nonexclusive checkout sets executable files world-writable

Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...

5CVSS5.6AI score0.00361EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2024/10/15 12:0 a.m.6 views

CVE-2019-3870

...

6.1CVSS6.6AI score0.00552EPSS
Exploits1
OSV
OSV
added 2024/09/16 2:15 a.m.30 views

UBUNTU-CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

9.1CVSS5.8AI score0.00555EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/08/24 1:40 a.m.16 views

CVE-2024-43791

A flaw was found in RequestStore, which provides per-request global storage. This flaw allows a malicious user to execute arbitrary code due to global permission issues...

7.8CVSS7.7AI score0.00194EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/08/23 3:15 p.m.15 views

CVE-2024-43791

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS7.1AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2024/08/23 3:15 p.m.45 views

UBUNTU-CVE-2024-43791

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS6AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 2024/08/23 2:39 p.m.22 views

CVE-2024-43791 RequestStore has Incorrect Default Permissions

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS7.5AI score0.00194EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/08/23 2:39 p.m.48 views

CVE-2024-43791

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS7.9AI score0.00194EPSS
Exploits0
Amazon
Amazon
added 2024/07/22 12:0 a.m.5 views

Medium: cups

Issue Overview: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary...

4.4CVSS7.7AI score0.02421EPSS
Exploits1
OSV
OSV
added 2024/06/11 3:16 p.m.4 views

DEBIAN-CVE-2024-35235

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...

6.7CVSS5.3AI score0.02421EPSS
Exploits1References1
Veracode
Veracode
added 2024/04/03 9:48 a.m.41 views

Information Disclosure

apacheairflow is vulnerable to a Information Disclosure. The vulnerability is due to an insecure umask configuration in numerous Airflow components when running with the --daemon flag, resulting in a race condition that results in setting files within the airflow home directory world writable...

4.7CVSS6.5AI score0.00593EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2024/03/20 5:15 a.m.18 views

CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...

8.8CVSS7AI score0.00642EPSS
Exploits0References1
OSV
OSV
added 2024/03/20 5:15 a.m.4 views

CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...

8.8CVSS5.8AI score0.00642EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/20 12:0 a.m.16 views

CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...

7.2AI score0.00642EPSS
Exploits0References1
Rows per page
Query Builder