2835 matches found

Prion
added 2022/06/15 11:15 p.m. | 13 views

Design/Logic Flaw

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

CVSS 2.1 | AI score 3.7 | EPSS 0.00251
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/06/15 11:15 p.m. | 3 views

UBUNTU-CVE-2022-31072

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

CVSS 3.3 | AI score 5.7 | EPSS 0.00251
Exploits 0 | References 4

Vulnrichment
added 2022/06/15 10:35 p.m. | 5 views

CVE-2022-31071 Octopoller gem published with world-writable files

Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...

CVSS 2.5 | AI score 3.7 | EPSS 0.00214
Exploits 0 | References 2

CVE
added 2022/06/15 10:35 p.m. | 77 views

CVE-2022-31071

The CVE-2022-31071 affects the Ruby gem octopoller, specifically version 0.2.0, where world-writable files were included in the package (permissions 0666 instead of 0644). This permits modification of gem files by anyone on the host, potentially altering behavior at runtime. The issue was fixed i...

CVSS 3.3 | AI score 3.5 | EPSS 0.00214
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/06/15 10:35 p.m. | 37 views

CVE-2022-31071 Octopoller gem published with world-writable files

Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...

CVSS 2.5 | AI score 4.1 | EPSS 0.00214
Exploits 0 | References 2

Vulnrichment
added 2022/06/15 10:35 p.m. | 5 views

CVE-2022-31072 Octokit gem published with world-writable files

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

CVSS 2.5 | AI score 3.8 | EPSS 0.00251
Exploits 0 | References 2

Cvelist
added 2022/06/15 10:35 p.m. | 46 views

CVE-2022-31072 Octokit gem published with world-writable files

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

CVSS 2.5 | AI score 4.1 | EPSS 0.00251
Exploits 0 | References 2

Debian CVE
added 2022/06/15 10:35 p.m. | 28 views

CVE-2022-31072

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

CVSS 3.3 | AI score 3.5 | EPSS 0.00251
Exploits 0

OSV
added 2022/06/15 9:24 p.m. | 20 views

GHSA-G28X-PGR3-QQX6 Octokit gem published with world-writable files

Impact Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not the owner Group and Public with...

CVSS 2.5 | AI score 3.7 | EPSS 0.00251
Exploits 0 | References 5

Github Security Blog
added 2022/06/15 9:24 p.m. | 29 views

Octokit gem published with world-writable files

Impact Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not the owner Group and Public with...

CVSS 3.3 | AI score 4.8 | EPSS 0.00251
Exploits 0 | References 5 | Affected Software 1

Github Security Blog
added 2022/06/15 9:24 p.m. | 34 views

Octopoller gem published with world-writable files

Impact Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not the owner Group and Public with access to the...

CVSS 3.3 | AI score 4.7 | EPSS 0.00214
Exploits 0 | References 5 | Affected Software 1

OSV
added 2022/06/15 9:24 p.m. | 25 views

GHSA-26QJ-CR27-R5C4 Octopoller gem published with world-writable files

Impact Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not the owner Group and Public with access to the...

CVSS 2.5 | AI score 3.7 | EPSS 0.00214
Exploits 0 | References 5

CNNVD
added 2022/06/15 12:0 a.m. | 4 views

Octopoller Security Vulnerability

Octopoller is an Octokit open source micro gem for polling and retrying. A security vulnerability exists in Octopoller version 0.2.0, which stems from a problem with the permissions settings of files contained in the gem, and can be used to modify globally writable files in the gem...

CVSS 3.3 | AI score 4.9 | EPSS 0.00214
Exploits 0 | References 3

CNNVD
added 2022/06/15 12:0 a.m. | 5 views

Octokit Security Vulnerability

Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit versions 4.23.0 and 4.24.0, which stems from a problem with the permissions settings of files contained in the gem, and can be used by an attacker to modify globally writable files in this gem...

CVSS 3.3 | AI score 5 | EPSS 0.00251
Exploits 0 | References 3

RubySec
added 2022/06/15 12:0 a.m. | 15 views

Octopoller gem published with world-writable files

Impact Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not the owner Group and Public with access to the...

CVSS 3.3 | AI score 2.3 | EPSS 0.00214
Exploits 0 | References 1 | Affected Software 1

RubySec
added 2022/06/15 12:0 a.m. | 21 views

Octokit gem published with world-writable files

Impact Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not the owner Group and Public with...

CVSS 3.3 | AI score 2.1 | EPSS 0.00251
Exploits 0 | References 1 | Affected Software 1

Exploit DB
added 2022/06/14 12:0 a.m. | 481 views

phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: phpIPAM 1.4.5 - Remote Code Execution RCE Authenticated Date: 2022-04-10 Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS...

AI score 7.4
Exploits 0

ATTACKERKB
added 2022/06/09 5:15 p.m. | 2 views

CVE-2022-26363

x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...

CVSS 7.2 | AI score 7 | EPSS 0.00341
Exploits 0 | References 10

OSV
added 2022/06/09 5:15 p.m. | 2 views

ALPINE-CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...

CVSS 6.4 | AI score 6.7 | EPSS 0.00379
Exploits 0 | References 1

Github Security Blog
added 2022/05/17 3:44 a.m. | 22 views

Doctrine Security Misconfiguration Vulnerability

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local...

CVSS 7.8 | AI score 7.6 | EPSS 0.00381
Exploits 0 | References 19 | Affected Software 11