2838 matches found

Cvelist
added 2022/10/06 5:14 p.m. · 21 views

CVE-2022-31252 permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()

An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the...

CVSS 4.4 · AI score 4.7 · EPSS 0.00139
Exploits 0 · References 1
Vulnrichment
added 2022/09/20 5:0 p.m. · 4 views

CVE-2017-20147

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped...

AI score 7.3 · EPSS 0.00831
Exploits 1 · References 2
OSV
added 2022/09/19 6:15 p.m. · 3 views

CVE-2022-40142

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker mus...

CVSS 7.8 · AI score 6.1
Exploits 0 · References 2
ATTACKERKB
added 2022/09/19 6:15 p.m. · 2 views

CVE-2022-40142

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker mus...

CVSS 7.8 · AI score 7.4 · EPSS 0.0034
Exploits 0 · References 3
Cvelist
added 2022/09/19 6:1 p.m. · 16 views

CVE-2022-40142

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker mus...

AI score 9.2 · EPSS 0.0034
Exploits 0 · References 2
OSV
added 2022/09/03 12:0 a.m. · 26 views

GHSA-Q8H9-PQCX-59HW Apache Airflow exposes arbitrary file content

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 5.7 · AI score 4.6 · EPSS 0.00593
Exploits 0 · References 11
OSV
added 2022/09/02 7:15 a.m. · 24 views

CVE-2022-38170

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 4.7 · AI score 4.7 · EPSS 0.00593
Exploits 0 · References 4
ATTACKERKB
added 2022/09/02 7:15 a.m. · 4 views

CVE-2022-38170

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 4.7 · AI score 5.9 · EPSS 0.00593
Exploits 0 · References 5
NVD
added 2022/09/02 7:15 a.m. · 23 views

CVE-2022-38170

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 4.7 · EPSS 0.00593
Exploits 0 · References 4
OSV
added 2022/09/02 7:15 a.m. · 19 views

PYSEC-2022-261

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 4.7 · AI score 3.9 · EPSS 0.00593
Exploits 0 · References 4
PyPA
added 2022/09/02 7:15 a.m. · 8 views

PYSEC-2022-261

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 4.7 · AI score 6.6 · EPSS 0.00593
Exploits 0 · References 4 · Affected Software 1
Prion
added 2022/09/02 7:15 a.m. · 18 views

Race condition

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 1 · AI score 4.7 · EPSS 0.00593
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2022/09/02 7:10 a.m. · 35 views

CVE-2022-38170 Overly permissive umask for daemons

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

AI score 5 · EPSS 0.00593
Exploits 0 · References 4
ATTACKERKB
added 2022/09/02 12:0 a.m. · 2 views

CVE-2022-31252

An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the...

CVSS 4.4 · AI score 5.8 · EPSS 0.00139
Exploits 0 · References 3
Positive Technologies
added 2022/09/02 12:0 a.m. · 5 views

PT-2022-24256 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.3.4 Description: The issue is related to an insecure umask configuration in Apache Airflow when running with the --daemon flag. This could lead to a race condition, resulting in world-writable files in the...

CVSS 5.7 · AI score 4.6 · EPSS 0.00593
Exploits 0 · References 15
Microsoft CVE
added 2022/08/31 7:0 a.m. · 3 views

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.

...

CVSS 7.8 · AI score 6.8 · EPSS 0.01018
Exploits 2
NVD
added 2022/08/23 8:15 p.m. · 21 views

CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

CVSS 5.5 · EPSS 0.00634
Exploits 3 · References 10
OSV
added 2022/08/23 8:15 p.m. · 3 views

DEBIAN-CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

CVSS 5.5 · AI score 6 · EPSS 0.00634
Exploits 3 · References 1
OSV
added 2022/08/23 8:15 p.m. · 4 views

ALPINE-CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

CVSS 5.5 · AI score 6.5 · EPSS 0.00634
Exploits 3 · References 1
OSV
added 2022/08/23 4:15 p.m. · 2 views

DEBIAN-CVE-2021-3701

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate use...

CVSS 6.6 · AI score 7 · EPSS 0.00264
Exploits 0 · References 1