Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

umask project umask vulnerabilities and exploits

(subscribe to this query)
7.2
CVSSv2
CVE-2021-31155
Failure to normalize the umask in please prior to 0.4 allows a local malicious user to gain full root privileges if they are allowed to execute at least one command.
Umask Project Umask
7.2
CVSSv2
CVE-2015-5723
Doctrine Annotations prior to 1.2.7, Cache prior to 1.3.2 and 1.4.x prior to 1.4.2, Common prior to 2.4.3 and 2.5.x prior to 2.5.1, ORM prior to 2.4.8 or 2.5.x prior to 2.5.1, MongoDB ODM prior to 1.0.2, and MongoDB ODM Bundle prior to 3.0.1 use world-writable permissions for cac...
Zend Zend-cache 2.5.1Zend Zend-cache 2.5.0Zend Zend-cache 2.5.2Zend Zend-cacheDebian Debian Linux 8.0Debian Debian Linux 7.0Doctrine-project Object Relational Mapper 2.5.0Doctrine-project Object Relational MapperDoctrine-project Doctrinemongodbbundle 3.0.0Zend Zend FrameworkDoctrine-project CommonDoctrine-project Common 2.5.0Doctrine-project AnnotationsDoctrine-project Mongodb-odmDoctrine-project Cache 1.4.0Doctrine-project Cache 1.4.1Doctrine-project CacheZend Zf-apigility-doctrine
7.2
CVSSv2
CVE-2007-4573
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x prior to 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by trigger...
Linux Linux Kernel
5.5
CVSSv2
CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
Libcgroup Project LibcgroupDebian Debian Linux 8.0Fedoraproject Fedora 28
4.9
CVSSv2
CVE-2007-3731
The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SET...
Linux Linux Kernel 2.6.21Linux Linux Kernel 2.6.20
4.7
CVSSv2
CVE-2007-3739
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
Redhat Enterprise Linux 5.0
4.6
CVSSv2
CVE-2013-2027
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Opensuse Opensuse 13.1Opensuse Opensuse 13.2Jython Project Jython 2.2.1
4.6
CVSSv2
CVE-2005-3148
StoreBackup prior to 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
Storebackup Storebackup 1.13Storebackup Storebackup 1.14Storebackup Storebackup 1.15Storebackup Storebackup 1.16Storebackup Storebackup 1.6Storebackup Storebackup 1.7Storebackup Storebackup 1.8Storebackup Storebackup 1.8.1Storebackup Storebackup 1.9Storebackup Storebackup 1.10.1Storebackup Storebackup 1.12Storebackup Storebackup 1.12.2Storebackup Storebackup 1.16.1Storebackup Storebackup 1.17Storebackup Storebackup 1.3Storebackup Storebackup 1.5Storebackup Storebackup 1.1Storebackup Storebackup 1.10Storebackup Storebackup 1.18.1Storebackup Storebackup 1.18.2Storebackup Storebackup 1.18.3Storebackup Storebackup 1.18.4
4.4
CVSSv2
CVE-2007-3740
The CIFS filesystem in the Linux kernel prior to 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
Linux Linux Kernel 2.2.27Linux Linux Kernel 2.6.21.5Linux Linux Kernel 2.6.20.21Linux Linux Kernel 2.6.18Linux Linux Kernel 2.6.20.16Linux Linux Kernel 2.4.36.2Linux Linux Kernel 2.6.21.6Linux Linux Kernel 2.4.36.6Linux Linux Kernel 2.6.19.7Linux Linux Kernel 2.6.19.4Linux Linux Kernel 2.4.36Linux Linux Kernel 2.4.36.3Linux Linux Kernel 2.6.20.20Linux Linux Kernel 2.6.20.19Linux Linux Kernel 2.6.19.6Linux Linux Kernel 2.4.36.5Linux Linux Kernel 2.4.36.1Linux Linux Kernel 2.6.20.18Linux Linux Kernel 2.6.20.17Linux Linux Kernel 2.6.19.5Linux Linux Kernel 2.6Linux Linux Kernel 2.4.36.4
4.4
CVSSv2
CVE-2007-4849
JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories a...
One Laptop Per Child Olpc Linux Build 542
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook