Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
umask project umask vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2021-31155
Failure to normalize the umask in please prior to 0.4 allows a local malicious user to gain full root privileges if they are allowed to execute at least one command.
Umask Project Umask
5.5
CVSSv2
CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
Libcgroup Project Libcgroup
Debian Debian Linux 8.0
Fedoraproject Fedora 28
4.6
CVSSv2
CVE-2013-2027
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Jython Project Jython 2.2.1
7.2
CVSSv2
CVE-2015-5723
Doctrine Annotations prior to 1.2.7, Cache prior to 1.3.2 and 1.4.x prior to 1.4.2, Common prior to 2.4.3 and 2.5.x prior to 2.5.1, ORM prior to 2.4.8 or 2.5.x prior to 2.5.1, MongoDB ODM prior to 1.0.2, and MongoDB ODM Bundle prior to 3.0.1 use world-writable permissions for cac...
Zend Zend-cache 2.5.1
Zend Zend-cache 2.5.0
Zend Zend-cache 2.5.2
Zend Zend-cache
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Doctrine-project Object Relational Mapper 2.5.0
Doctrine-project Object Relational Mapper
Doctrine-project Doctrinemongodbbundle 3.0.0
Zend Zend Framework
Doctrine-project Common
Doctrine-project Common 2.5.0
Doctrine-project Annotations
Doctrine-project Mongodb-odm
Doctrine-project Cache 1.4.0
Doctrine-project Cache 1.4.1
Doctrine-project Cache
Zend Zf-apigility-doctrine
1 Github repository
NA
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files...
Rust-lang Cargo
Fedoraproject Fedora 38
2.1
CVSSv2
CVE-2021-21364
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the syste...
Smartbear Swagger-codegen
2.1
CVSSv2
CVE-2005-3146
StoreBackup prior to 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.
Storebackup Storebackup 1.12
Storebackup Storebackup 1.12.1
Storebackup Storebackup 1.12.2
Storebackup Storebackup 1.13
Storebackup Storebackup 1.4
Storebackup Storebackup 1.5
Storebackup Storebackup 1.6
Storebackup Storebackup 1.7
Storebackup Storebackup 1.1
Storebackup Storebackup 1.10.1
Storebackup Storebackup 1.15
Storebackup Storebackup 1.16.1
Storebackup Storebackup 1.18.2
Storebackup Storebackup 1.18.4
Storebackup Storebackup 1.3
Storebackup Storebackup 1.8
Storebackup Storebackup 1.9
Storebackup Storebackup 1.16.2
Storebackup Storebackup 1.17
Storebackup Storebackup 1.18
Storebackup Storebackup 1.18.1
Storebackup Storebackup 1.10
2.1
CVSSv2
CVE-2005-3147
StoreBackup prior to 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
Storebackup Storebackup 1.12.1
Storebackup Storebackup 1.12.2
Storebackup Storebackup 1.13
Storebackup Storebackup 1.14
Storebackup Storebackup 1.5
Storebackup Storebackup 1.6
Storebackup Storebackup 1.7
Storebackup Storebackup 1.8
Storebackup Storebackup 1.10.1
Storebackup Storebackup 1.12
Storebackup Storebackup 1.15
Storebackup Storebackup 1.16.1
Storebackup Storebackup 1.17
Storebackup Storebackup 1.18.4
Storebackup Storebackup 1.3
Storebackup Storebackup 1.9
Storebackup Storebackup 1.1
Storebackup Storebackup 1.18
Storebackup Storebackup 1.18.1
Storebackup Storebackup 1.18.2
Storebackup Storebackup 1.18.3
Storebackup Storebackup 1.10
4.6
CVSSv2
CVE-2005-3148
StoreBackup prior to 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
Storebackup Storebackup 1.13
Storebackup Storebackup 1.14
Storebackup Storebackup 1.15
Storebackup Storebackup 1.16
Storebackup Storebackup 1.6
Storebackup Storebackup 1.7
Storebackup Storebackup 1.8
Storebackup Storebackup 1.8.1
Storebackup Storebackup 1.9
Storebackup Storebackup 1.10.1
Storebackup Storebackup 1.12
Storebackup Storebackup 1.12.2
Storebackup Storebackup 1.16.1
Storebackup Storebackup 1.17
Storebackup Storebackup 1.3
Storebackup Storebackup 1.5
Storebackup Storebackup 1.1
Storebackup Storebackup 1.10
Storebackup Storebackup 1.18.1
Storebackup Storebackup 1.18.2
Storebackup Storebackup 1.18.3
Storebackup Storebackup 1.18.4
2.1
CVSSv2
CVE-2005-1152
popauth.c in qpopper 4.0.5 and previous versions does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.
Debian Qpopper
Debian Qpopper 4.0.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »