183 matches found
[SECURITY] Fedora 40 Update: rust-writeable-0.5.5-3.fc40
A more efficient alternative to fmt::Display...
[SECURITY] Fedora 42 Update: rust-writeable-0.5.5-3.fc42
A more efficient alternative to fmt::Display...
CVE-2024-7834
The CVE-2024-7834 entry concerns Overwolf. Affected: Overwolf software (frames/SDK) that loads and executes certain DLLs from a user-writable folder during startup, running in SYSTEM context. Root cause: untrusted DLLs placed in the user-writable location are loaded on launch, enabling local priv...
Samba Symlink Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba Symlink Directory Traversal', 'Description' = %Q This module exploits a directory traversal flaw in the Samba CIFS server. To exploit this...
CVE-2024-3913
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...
CVE-2024-3913
CVE-2024-3913 affects Phoenix Contact CHARX SEC-3100. An unauthenticated remote attacker can change device configuration via a file that is writable for a short window after system startup. Public details identify the product and the timing window; no fix/version is provided in the connected sour...
CVE-2024-3913 Phoenix Contact: Start sequence allows attack during the boot process
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...
CVE-2024-3913 Phoenix Contact: Start sequence allows attack during the boot process
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...
RHEL 8 : mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mysql: pid file can be created in a world-writeable directory CPU Apr 2018 CVE-2018-2773 Note that Nessus has not...
RHEL 5 / 6 : CloudForms System Engine 1.1 update (Important) (RHSA-2012:1543)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1543 advisory. Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service IaaS product that lets you create and manage private and...
Oracle Linux 7 : kubernetes (ELSA-2019-4716)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4716 advisory. - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache=' Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 7 : kubeadm-ha-setup (ELSA-2019-4717)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4717 advisory. 0.0.2-1.0.52 - OLCNE-678 Restore fails when trying to restore after a failed update 0.0.2-1.0.51 - OLCNE-667 Minor version update doesn't update kubeadm on all...
CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
CVE-2021-31956 pretty stable exploit on win10 20h2...
CVE-2022-31072
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...
CVE-2022-31071
Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...
CVE-2022-31071 Octopoller gem published with world-writable files
Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...
CVE-2022-31072
The CVE affects the Ruby Octokit gem; versions 4.23.0 and 4.24.0 ship world-writable files (permissions 0666) instead of 0644, enabling modification by non-owners in affected environments. The root cause is improper packaging of files during these releases. A fix is available in Octokit 4.25.0. W...
CVE-2022-31072 Octokit gem published with world-writable files
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...
Exploit for Code Injection in Oracle Fusion_Middleware
CVE-2022-22965 - vulnerable app and PoC ------------------------...