CVE-2021-24032

MEDIUM Year: 2021
CVSS v3 Score
4.7
Medium
CVSS v2 Score
1.9
Low
Weakness Type
CWE-277
View all →

Vulnerability Description

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.

Related Vulnerabilities

CVE-2019-5068

MEDIUM
CVSS:5.1(Medium)

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to ...

CWE-2772019

CVE-2023-29065

MEDIUM
CVSS:4.3(Medium)

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be us...

CWE-2772023

CVE-2021-32725

MEDIUM
CVSS:5.3(Medium)

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files ...

CWE-2772021

CVE-2021-24031

MEDIUM
CVSS:5.5(Medium)

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output fi...

CWE-2772021

CVE-2023-28207

MEDIUM
CVSS:5.5(Medium)

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user d...

CWE-2772023

CVE-2023-34391

MEDIUM
CVSS:5.5(Medium)

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See In...

CWE-2772023