2836 matches found
Ansible Runner 安全漏洞
Ansible Runner is an open source tool and python library for Ansible. It can help when interacting with Ansible directly or as part of another system. A security vulnerability in Ansible Runner version 2.0.0, which stems from the default temporary file configuration being written to a world R/W...
podman security update
1.6.4-36.0.1 - Reduce unnecessary writable mounts in NaiveDiffDriver Orabug: 31025483 - handle redirect from the docker registry v2 Orabug: 29874238 [email protected] - remove changes in NaiveDiffDriver 1.6.4-36 - update to the latest content of...
CVE-2022-20239
remappfnrange' here may map out of size kernel memory for example, may map the kernel area, and because the 'vma-vmpageprot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID:...
DSpace 路径遍历漏洞
DSpace is an open source turnkey repository application from the DuraSpace community. A path traversal vulnerability exists in DSpace versions 4.0 through 6.3, which stems from a JSPUI in SubmissionController and FileUploadRequest that allows an attacker to create Tomcat/DSpace user-writable file...
DSpace 路径遍历漏洞
DSpace is an open source turnkey repository application from the DuraSpace community. A path traversal vulnerability exists in DSpace versions 4.0 through 6.3, which stems from the intention that the SAF Simple Archive Format package could lead to the creation of files/directories in any location...
TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool
TerraformGoat is selefra research lab's "Vulnerable by Design" multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios ID | Cloud Service Company | Types Of Cloud...
EulerOS Virtualization 2.10.1 : util-linux (EulerOS-SA-2022-2069)
According to the versions of the util-linux package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an...
CVE-2021-45492
In Sage 300 ERP formerly accpac through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set explicit permissions...
PT-2022-12371 · Sage · Sage 300 Erp
Name of the Vulnerable Software and Affected Versions: Sage 300 ERP versions through 6.8.x Description: The installer configures the C:SageSage300Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because...
CVE-2022-20238
'remappfnrange' here may map out of size kernel memory for example, may map the kernel area, and because the 'vma-vmpageprot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID:...
CVE-2022-20238
'remappfnrange' here may map out of size kernel memory for example, may map the kernel area, and because the 'vma-vmpageprot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID:...
CVE-2022-20238
'remappfnrange' here may map out of size kernel memory for example, may map the kernel area, and because the 'vma-vmpageprot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID:...
ASB-A-233154555
'remappfnrange' here may map out of size kernel memory for example, may map the kernel area, and because the 'vma-vmpageprot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited...
CVE-2014-0068
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission...
CVE-2014-0068
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission...
Red Hat openshift node-utils 安全漏洞
Red Hat openshift node-utils is a cloud application Platform-as-a-Service PaaS package from Red Hat, Inc. A security vulnerability exists in Red Hat openshift node-utils, which originates when watchman creates /var/run/watchman.pid and /var/log/watchman.ouput with global writable privileges...
Insecure Permissions
Overview Affected versions of this package are vulnerable to Insecure Permissions due to the gem file containing world-writeable files. This means everyone who is not the owner Group and Public with access to the instance where this release had been installed could modify the world-writable files...
Insecure Permissions
Overview octopoller is a micro gem for polling and retrying, perfect for making repeating requests. Affected versions of this package are vulnerable to Insecure Permissions due to the gem file containing world-writable files, this means everyone who is not the owner Group and Public with access t...
Improper Access Control
octopoller is vulnerable to improper access control. The vulnerability exists because the files are given with world-writable permission without proper validations which allows a malicious attacker to modify files and change the existing behavior...
CVE-2022-31072
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...