
2839 matches found

ATTACKERKB
added 2023/05/30 4:15 a.m. · 3 views

CVE-2023-34204

imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...

6.5 CVSS · 6.2 AI score · 0.00625 EPSS
Exploits 1 · References 2
NVD
added 2023/05/30 4:15 a.m. · 14 views

CVE-2023-34204

imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...

6.5 CVSS · 6.5 AI score · 0.00625 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/05/30 12:0 a.m. · 10 views

PT-2023-24735 · Imapsync · Imapsync

Name of the Vulnerable Software and Affected Versions: imapsync versions through 2.229
Description: The issue concerns the use of predictable paths under /tmp and /var/tmp in the default mode of operation. Since these paths are typically world-writable, an attacker can modify imapsync's cache and...

6.5 CVSS · 6.9 AI score · 0.00625 EPSS
Exploits 1 · References 4
Cvelist
added 2023/05/30 12:0 a.m. · 22 views

CVE-2023-34204

imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...

6.7 AI score · 0.00625 EPSS
Exploits 1 · References 1
NVD
added 2023/05/29 8:15 p.m. · 16 views

CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

5.3 CVSS · 4.6 AI score · 0.00192 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2023/05/29 8:15 p.m. · 5 views

CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

5.3 CVSS · 6.3 AI score · 0.00192 EPSS
Exploits 0 · References 3
OSV
added 2023/05/29 8:15 p.m. · 3 views

DEBIAN-CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

5.3 CVSS · 5.2 AI score · 0.00192 EPSS
Exploits 0 · References 1
AlpineLinux
added 2023/05/29 8:15 p.m. · 24 views

CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

5.3 CVSS · 6.7 AI score · 0.00192 EPSS
Exploits 0
OSV
added 2023/05/29 8:15 p.m. · 2 views

UBUNTU-CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

5.3 CVSS · 6 AI score · 0.00192 EPSS
Exploits 0 · References 2
Debian CVE
added 2023/05/29 12:0 a.m. · 13 views

CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

5.3 CVSS · 4.5 AI score · 0.00192 EPSS
Exploits 0
Vulnrichment
added 2023/05/29 12:0 a.m. · 9 views

CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

3.9 CVSS · 6.5 AI score · 0.00192 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/05/28 12:0 a.m. · 4 views

PT-2023-35518 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Java affected versions not specified
Description: A security exception occurs due to an issue in the java.awt.image package, specifically in the DataBufferInt constructor, which is called by Raster.createPackedRaster and...

7 AI score
Exploits 0 · References 2
Github Security Blog
added 2023/05/24 5:30 p.m. · 46 views

nfpm has incorrect default permissions

Summary: When building packages directly from source control, file permissions on the checked-in files are not maintained.
Details: When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files without extra config for...

7.1 CVSS · 6.7 AI score · 0.00384 EPSS
Exploits 1 · References 5 · Affected Software 2
Positive Technologies
added 2023/05/24 12:0 a.m. · 3 views

PT-2023-23971 · Nfpm · Nfpm

Name of the Vulnerable Software and Affected Versions: nfpm affected versions not specified
Description: The issue arises when nfpm packages files without maintaining the original file permissions from the source control. This can result in files being packaged with incorrect permissions, such as...

7.1 CVSS · 6.7 AI score · 0.00384 EPSS
Exploits 1 · References 10
Ubuntu
added 2023/05/23 2:7 p.m. · 85 views

USN-6088-2: runC vulnerabilities

USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. CVE-2019-19921...

7.8 CVSS · 7.2 AI score · 0.01663 EPSS
Exploits 3
OSV
added 2023/05/18 10:3 a.m. · 5 views

USN-6088-1 runc vulnerabilities

It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. CVE-2023-25809 It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could...

7.8 CVSS · 6.9 AI score · 0.00448 EPSS
Exploits 2 · References 4
Positive Technologies
added 2023/05/10 12:0 a.m. · 4 views

PT-2023-3613 · Netskope · Netskope Client Service

Name of the Vulnerable Software and Affected Versions: Netskope client service versions prior to R96
Description: The issue is related to a synchronization error when using a shared resource, which can be exploited by a malicious local user to elevate privileges. The Netskope client service runs ...

7 CVSS · 6.6 AI score · 0.00161 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/05/09 12:0 a.m. · 6 views

PT-2023-21098 · Siemens · Scalance Lpe9403

Name of the Vulnerable Software and Affected Versions: SCALANCE LPE9403 versions prior to V2.1
Description: A vulnerability has been identified where the i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c...

3.3 CVSS · 3.7 AI score · 0.00169 EPSS
Exploits 0 · References 3
OSV
added 2023/04/06 8:15 p.m. · 14 views

CVE-2023-29465

SageMath FlintQS 1.0 relies on pathnames under TMPDIR typically world-writable, which for example allows a local user to overwrite files with the privileges of a different user who is running FlintQS...

5.5 CVSS · 5.7 AI score
Exploits 0 · References 2
Veracode
added 2023/04/05 8:16 a.m. · 30 views

Improper Access Control

github.com/opencontainers/runc is vulnerable to Improper Access Control. The vulnerability exists because the rootless runc makes /sys/fs/cgroup writable when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g..,...

6.3 CVSS · 6.6 AI score · 0.00327 EPSS
Exploits 1 · References 3 · Affected Software 1