2831 matches found
Design/Logic Flaw
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
CVE-2019-18409
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
CVE-2019-18409
The CVE-2019-18409 entry concerns the ruby_parser-legacy gem (version 1.0.0) for Ruby, where local privilege escalation is possible due to world-writable files. The Red Hat and other sources reiterate that, for example, if the brakeman gem (with legacy dependency) versions 4.5.0–4.7.0 are used, a...
brakeman world writable files allow local privilege escalation
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
ruby_parser-legacy world writable files allow local privilege escalation
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
Unspecified Vulnerability in GNU Guix
GNU Guix is an open source, cross-platform package manager from the GNU Project. A security vulnerability in GNU Guix version 1.0.1, which stems from the parent directory of the user profile directory being globally writable, can be exploited by a local attacker to gain access to arbitrary users...
CVE-2019-18192
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
CVE-2019-18192
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
Code injection
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
CVE-2019-18192
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
CVE-2019-18192
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...
CloudCTI HIP Integrator Recognition Configuration Tool Elevation of Privilege Vulnerability
CloudCTI HIP Integrator Recognition Configuration Tool is an integrator recognition configuration tool from CloudCTI, Netherlands. A security vulnerability exists in the CloudCTI HIP Integrator Recognition Configuration Tool that originates from an elevated privilege process that can execute...
CVE-2019-11528
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...
CVE-2019-11528
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...
CVE-2019-11528
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...
CVE-2019-11528
CVE-2019-11528 affects Softing uaGate SI 1.60.01. The issue is that a system default path for executables is user-writable, allowing an attacker to modify or add executables in that path. No remediation details are provided in the connected documents. If exploiting details are present, they are n...
CVE-2019-17365
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...
CVE-2019-17365
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...
Code injection
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...
CVE-2019-17365
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...