2832 matches found
CVE-2019-11485 apport created lock file in wrong directory
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling...
CVE-2019-11485
CVE-2019-11485 affects the Ubuntu Apport package: the lock file is created in a world-writable directory, allowing a local authenticated user to prevent crash handling. This is a local-priority issue with low to moderate impact as described, and remediation is via the corresponding Ubuntu securit...
CVE-2019-17190
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, th...
CVE-2019-20384
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...
Design/Logic Flaw
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...
CVE-2020-1606
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issu...
CVE-2019-16784
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...
PYSEC-2020-175
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...
Privilege escalation
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...
kubernetes: Schema info written with world-writeable permissions when cached
A flaw was found in kubectl that leaves http-cache files with read/write permissions for any user. In conjunction with a non-default value for --cache-dir, this may lead to the cache content being placed in a location accessible to other users on the system...
Razer: Aws bucket writable mobile.razer.com
The tester discovered an S3 bucket owned by Mobile that was writeable. No files were present but the permissions were incorrect and subsequently fixed. Razer appreciates the report...
Linux: Separate partition for /tmp
The /tmp directory is a world-writable directory used for temporary storage. This script tests if a separate partition exists for /tmp. Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under...
Linux: Separate partition for /var/tmp
The /var/tmp directory is a world-writable directory used for temporary storage. This script tests if a separate partition exists for /var/tmp. Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify i...
DEBIAN-CVE-2019-19920
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...
Security Bulletin: Incorrect permissions on CIT files in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-2025)
Summary: The IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client creates directories/files in the CIT directory that have insecure permissions. Vulnerability Details: CVEID: CVE-2018-2025 DESCRIPTION: IBM Spectrum Protect Client creates directories/files in the CIT sub...
Reptile Rootkit reptile_cmd Privilege Escalation
This module uses Reptile rootkit's reptile_cmd backdoor executable to gain root privileges using the root command. This module has been tested successfully with Reptile from master branch 2019-03-04 on Ubuntu 18.04.3 x64 and Linux Mint 19 x64. This module requires Metasploit:...
kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...
CVE-2012-4480
mom creates world-writable pid files in /var/run...
Code injection
mom creates world-writable pid files in /var/run...
CVE-2012-4480
CVE-2012-4480 affects the mom tool, where it creates world-writable PID files in /var/run. This local issue could let an attacker influence PID handling and terminate other processes, as indicated by CNVD/Fedora advisories and the NVD entry. The vulnerability is tied to local access and uncertain...