CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

StrongDM 安全漏洞

StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...

Tunnelblick 安全漏洞

Tunnelblick is a graphical user interface tool for the OpenVPN client developed by Tunnelblick. There are security vulnerabilities in versions 3.3beta26 to 9.0beta01 of Tunnelblick. These vulnerabilities stem from a symbolic link follow-up vulnerability in tunnelblick-helper, which may allow any...

NewStart CGSL MAIN 6.06 : postfix Multiple Vulnerabilities (NS-SA-2025-0220)

The remote NewStart CGSL host, running version MAIN 6.06, has postfix packages installed that are affected by multiple vulnerabilities: - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are...

Linux Distros Unpatched Vulnerability : CVE-2024-21164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Difficult ...

CVE-2021-28100

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process...

CVE-2023-43035

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system...

Medium: apr

Issue Overview: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APRUSESHMEMSHMGET=1 apr...

SUSE CVE-2005-2851

smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the 1 smb4k.tmp or 2 sudoers temporary files...

SUSE CVE-2011-4578

event.c in acpid aka acpid2 before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to 1 perform write operations within directories created by a script, or 2 read files created by a script, via standard filesystem system...

CVE-2021-36799

KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2019-4465

IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774...

IBM BigFix Compliance Analytics Information Disclosure Vulnerability

IBM BigFix Compliance Analytics TEMA SUAv1 SCA SCM is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security...

UBUNTU-CVE-2016-4036

The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory...

UBUNTU-CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...