2831 matches found
CVE-2018-18654
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to...
CVE-2018-18654
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to...
UBUNTU-CVE-2018-18654
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to...
CVE-2018-18654
Removed by vendor...
openSUSE Security Update : rust (openSUSE-2018-1279)
This update for rust fixes the following issues: CVE-2018-1000622: rustdoc loads plugins from world-writable directory allowing for arbitrary code execution. This patch consists of requiring --plugin-path to be passed whenever --plugin is passed. Note that rustdoc plugins will be removed entirel...
puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...
CVE-2018-16588
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 durin...
Privilege escalation
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 durin...
CVE-2018-16588
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 durin...
Solaris EXTREMEPARR dtappgather Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Solaris 'EXTREMEPARR' dtappgather Privilege Escalation", 'Description' = %q This module exploits a directory traversal vulnerability in the...
CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509:...
CVE-2013-4451
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs...
Information disclosure
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs...
CVE-2013-4451
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs...
CVE-2013-4451
CVE-2013-4451 affects gitolite up to version 3.5.3. The issue arises during fresh installs when world-writable permissions are created on setup artifacts, specifically ~/.gitolite.rc, ~/.gitolite, or ~/repositories/gitolite-admin.git, allowing unspecified impact. The connected sources corroborate...
MGASA-2018-0380 Updated libcgroup packages fix security vulnerability
The cgrulesengd daemon (cgred) in libcgroup through version 0.41 creates log files (/var/log/cgred) with world readable and writable permissions (0o666) due to a reset of the file mode creation mask (umask(0)) in the daemon/cgrulesengd.c:cgrestartdaemon function (CVE-2018-14348)...
Updated libcgroup packages fix security vulnerability
The cgrulesengd daemon (cgred) in libcgroup through version 0.41 creates log files (/var/log/cgred) with world readable and writable permissions (0o666) due to a reset of the file mode creation mask (umask(0)) in the daemon/cgrulesengd.c:cgrestartdaemon function (CVE-2018-14348)...
CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...
DEBIAN-CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...
CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...