110 matches found
PYSEC-2025-28
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential...
Snowflake JDBC uses insecure temporary credential cache file permissions
Issue: Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through...
PT-2025-5576 · Snowflake · Snowflake Connector For Python
Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions 2.3.7 through 3.13.0. Description: The Snowflake Connector for Python stores temporary credentials locally in a world-readable file when temporary credential caching is enabled on Linux systems. This iss...
Franklin Fueling TS-550 EVO Automatic Tank Gauge security vulnerability
Franklin Fueling TS-550 EVO Automatic Tank Gauge is an automated industrial tank gauge from Franklin Fueling USA. A security vulnerability exists in the Franklin Fueling TS-550 EVO Automatic Tank Gauge version 2.26.4.8967, which stems from administrator credentials being stored in a...
CVE-2024-41954
Summary: CVE-2024-41954 affects FOGProject. The vulnerable component is the /opt/fog/.fogsettings file, which stores plaintext service account credentials and is readable by all users on the host. Exploitation of these credentials could allow a malicious user to create new web-application account...
PT-2024-21704 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers; affected versions not specified. Description: It was observed that all the Toshiba printers contain credentials used for WebDAV access in a readable file, allowing for full access with WebDAV to the printer. Recommendations: A...
Moderate: Red Hat Security Advisory: rpm-ostree security update
An update for rpm-ostree is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
PT-2024-5018 · Unknown +2 · Rpm-Ostree +2
Name of the Vulnerable Software and Affected Versions: rpm-ostree; affected versions not specified. Description: A security issue has been found in rpm-ostree, related to the /etc/shadow file having the world-readable bit enabled in default builds. This is due to default permissions being set highe...
foreman: World readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
Moderate: Red Hat Security Advisory: Satellite 6.14.1 Async Security Update
Updated Satellite 6.14 packages that fix Important security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...
SUSE CVE-2011-2916
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions...
SUSE CVE-2017-9615
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...
NOKIA 1350 OMS log information disclosure vulnerability
NOKIA 1350 OMS is an optical management system from Nokia Finland. A log information disclosure vulnerability exists in NOKIA 1350 OMS version R14.2, which arises from the insertion of sensitive information into an application log file, where a web application stores critical information in a...
NanoHTTPD security vulnerability
NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...
cloud-init: randomly generated passwords logged in clear-text to world-readable file
A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...
CentOS 8 : cloud-init (CESA-2021:3081)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:3081 advisory. - cloud-init: randomly generated passwords logged in clear-text to world-readable file (CVE-2021-3429). Note that Nessus has not tested for this issue but has...
RLSA-2021:3081 Moderate: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: randomly generated passwords logged in clear-text to...