
CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should be accessible only by the user, but before version 2.0.1 its permissions also allowed the user's group and non-group users to read the file. This issue was patched in version 2.0.1. As a workaround, manually set the secret file's permissions to user read/write only.

• https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7
• https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1
• https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85

CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 2

Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.

• https://www.exploit-db.com/exploits/33219
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546178
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546179
• http://intertwingly.net/blog/2009/09/09/Venus-Updates
• http://lists.planetplanet.org/archives/devel/2009-September/001999.html
• http://secunia.com/advisories/36636
• http://secunia.com/advisories/36766
• http://www.securityfocus.com/bid/36392
• https://bugzilla.redhat.com/show_bug.cgi?id=522802
• https://www.redhat.com/archives

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')