2831 matches found

Prion
added 2019/10/24 2:15 p.m. | 17 views

Design/Logic Flaw

The ruby_parser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...

4.6 CVSS | 7.7 AI score | 0.00332 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/10/24 1:59 p.m. | 17 views

CVE-2019-18409

The ruby_parser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...

7.8 AI score | 0.00332 EPSS
Exploits: 1 | References: 1

CVE
added 2019/10/24 1:59 p.m. | 96 views

CVE-2019-18409

The CVE-2019-18409 entry concerns the ruby_parser-legacy gem (version 1.0.0) for Ruby, where local privilege escalation is possible due to world-writable files. The Red Hat and other sources reiterate that, for example, if the brakeman gem (with legacy dependency) versions 4.5.0–4.7.0 are used, a...

7.8 CVSS | 7.7 AI score | 0.00332 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

RubySec
added 2019/10/24 12:0 a.m. | 24 views

brakeman world writable files allow local privilege escalation

The ruby_parser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...

7.8 CVSS | 3.3 AI score | 0.00332 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

RubySec
added 2019/10/24 12:0 a.m. | 22 views

ruby_parser-legacy world writable files allow local privilege escalation

The ruby_parser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...

7.8 CVSS | 3.2 AI score | 0.00332 EPSS
Exploits: 1 | References: 1

CNVD
added 2019/10/18 12:0 a.m. | 3 views

Unspecified Vulnerability in GNU Guix

GNU Guix is an open source, cross-platform package manager from the GNU Project. A security vulnerability in GNU Guix version 1.0.1, which stems from the parent directory of the user profile directory being globally writable, can be exploited by a local attacker to gain access to arbitrary users...

7.8 CVSS | 6.9 AI score | 0.00344 EPSS
Exploits: 1 | References: 1

OSV
added 2019/10/17 8:15 p.m. | 3 views

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

7.8 CVSS | 7.2 AI score | 0.00344 EPSS
Exploits: 1 | References: 2

NVD
added 2019/10/17 8:15 p.m. | 31 views

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

7.8 CVSS | 7.7 AI score | 0.00344 EPSS
Exploits: 1 | References: 2

Prion
added 2019/10/17 8:15 p.m. | 19 views

Code injection

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

4.6 CVSS | 7.6 AI score | 0.00433 EPSS
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2019/10/17 7:6 p.m. | 35 views

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

7.7 AI score | 0.00344 EPSS
Exploits: 1 | References: 2

Debian CVE
added 2019/10/17 7:6 p.m. | 24 views

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

7.8 CVSS | 7.7 AI score | 0.00344 EPSS
Exploits: 1

CNVD
added 2019/10/16 12:0 a.m. | 3 views

CloudCTI HIP Integrator Recognition Configuration Tool Elevation of Privilege Vulnerability

CloudCTI HIP Integrator Recognition Configuration Tool is an integrator recognition configuration tool from CloudCTI, Netherlands. A security vulnerability exists in the CloudCTI HIP Integrator Recognition Configuration Tool that originates from an elevated privilege process that can execute...

7.8 CVSS | 7 AI score | 0.0047 EPSS
Exploits: 2 | References: 1

NVD
added 2019/10/10 8:15 p.m. | 23 views

CVE-2019-11528

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...

7.5 CVSS | 7.6 AI score | 0.01153 EPSS
Exploits: 1 | References: 1

OSV
added 2019/10/10 8:15 p.m. | 5 views

CVE-2019-11528

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...

7.5 CVSS | 7.1 AI score | 0.01153 EPSS
Exploits: 1 | References: 1

Cvelist
added 2019/10/10 7:30 p.m. | 22 views

CVE-2019-11528

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...

7.6 AI score | 0.01153 EPSS
Exploits: 1 | References: 1

CVE
added 2019/10/10 7:30 p.m. | 101 views

CVE-2019-11528

CVE-2019-11528 affects Softing uaGate SI 1.60.01. The issue is that a system default path for executables is user-writable, allowing an attacker to modify or add executables in that path. No remediation details are provided in the connected documents. If exploiting details are present, they are n...

7.5 CVSS | 7.5 AI score | 0.01153 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2019/10/09 10:15 p.m. | 17 views

CVE-2019-17365

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...

7.8 CVSS | 7.7 AI score | 0.00433 EPSS
Exploits: 1 | References: 3

OSV
added 2019/10/09 10:15 p.m. | 7 views

CVE-2019-17365

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...

7.8 CVSS | 6.8 AI score
Exploits: 0 | References: 3

Prion
added 2019/10/09 10:15 p.m. | 21 views

Code injection

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...

4.6 CVSS | 7.7 AI score | 0.00433 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2019/10/09 9:19 p.m. | 18 views

CVE-2019-17365

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable...

7.7 AI score | 0.00433 EPSS
Exploits: 1 | References: 3