110 matches found

Prion
added 2017/06/08 6:29 p.m., 13 views

Design/Logic Flaw

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...

CVSS 2.1 | AI score 6.6 | EPSS 0.00031
Exploits 0 | References 5 | Affected Software 1

OSV
added 2017/06/08 6:29 p.m., 14 views

CVE-2016-3107

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...

CVSS 5.5 | AI score 6.5
Exploits 0 | References 5

CNVD
added 2017/05/19 12:0 a.m., 2 views

CA Client Automation Local Information Disclosure Vulnerability

CA Client Automation is a suite of automation and remote client management tools from CA, Inc. The OS Installation Management component is the operating system installation management component. A security vulnerability exists in the OS Installation Management component of CA Client Automation version...

CVSS 5.5 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 1

Veracode
added 2017/03/26 9:25 a.m., 9 views

Plaintext Credentials Logged

presto-main logs plaintext database credentials on startup. It loads the credentials stored in a properties file and logs them to a world-readable file, server.log...

AI score 6.5
Exploits 0

RedHat Linux
added 2017/03/23 5:18 a.m., 3 views

glusterfs: glusterfs-server %pretrans rpm script temporary file issue

It was found that the glusterfs-server RPM package would write a file with a predictable name into the world-readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package...

CVSS 7.8 | AI score 5.7 | EPSS 0.00064
Exploits 0 | References 4

Veracode
added 2017/02/14 2:19 a.m., 16 views

Information Disclosure

salt is vulnerable to information disclosures. The library stores its secrets in a file called highstate.cache.p that is world-readable, allowing a malicious user to access sensitive information...

CVSS 3.3 | AI score 4.1 | EPSS 0.00035
Exploits 0 | References 2 | Affected Software 1

RedHat Linux
added 2016/07/27 8:28 a.m., 4 views

pulp: Agent certificate containing private key is stored in world-readable file

It was found that the private key for the agent certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file...

CVSS 7.5 | AI score 5.7 | EPSS 0.00421
Exploits 0 | References 4

RedHat Linux
added 2016/07/27 8:28 a.m., 4 views

pulp: Node certificate containing private key stored in world-readable file

It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file...

CVSS 5.5 | AI score 5.7 | EPSS 0.00031
Exploits 0 | References 4

OSV
added 2016/06/10 1:59 a.m., 1 view

CVE-2016-0910

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors...

CVSS 8.8 | AI score 5.9
Exploits 0 | References 2

NVD
added 2016/06/10 1:59 a.m., 8 views

CVE-2016-0910

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors...

CVSS 8.8 | AI score 8.2 | EPSS 0.00048
Exploits 0 | References 2

Tenable Nessus
added 2015/03/26 12:0 a.m., 22 views

Debian DLA-136-1 : websvn security update

James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as. NOTE: Tenable Netwo...

CVSS 3.5 | AI score 5.4 | EPSS 0.0017
Exploits 0 | References 3

RedHat Linux
added 2014/11/25 4:48 p.m., 31 views

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS 7.5 | AI score 6.7 | EPSS 0.78235
Exploits 2 | References 9

RedHat Linux
added 2014/10/13 9:22 p.m., 1 view

virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...

CVSS 2.1 | AI score 5.8 | EPSS 0.00074
Exploits 0 | References 4

0day.today
added 2013/05/19 12:0 a.m., 65 views

Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root Exploit

Local root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LD_AUDIT libmemusage.so...

CVSS 7.2 | AI score 0.3 | EPSS 0.0894
Exploits 24

Cvelist
added 2013/03/12 10:0 p.m., 13 views

CVE-2012-6115

The domain management tool rhevm-manage-domains in Red Hat Enterprise Virtualization Manager RHEV-M 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file...

AI score 5.9 | EPSS 0.00064
Exploits 0 | References 6

Cvelist
added 2013/03/12 9:0 p.m., 16 views

CVE-2012-5509

aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...

AI score 6.2 | EPSS 0.00099
Exploits 1 | References 2

RedHat Linux
added 2013/01/30 8:56 p.m., 3 views

Installer: Generated auto-install xml is world readable

The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...

CVSS 2.1 | AI score 5.8 | EPSS 0.00047
Exploits 0 | References 4

Prion
added 2013/01/04 10:55 p.m., 22 views

Code injection

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log...

CVSS 3.3 | AI score 6.6 | EPSS 0.00191
Exploits 0 | References 5 | Affected Software 1

securityvulns
added 2012/12/03 12:0 a.m., 30 views

Safend Data Protector information leakage

Private key is logged into user readable file...

AI score 2.2 | EPSS 0.00101
Exploits 3 | References 1 | Affected Software 1

Tenable Nessus
added 2012/07/11 12:0 a.m., 33 views

FreeBSD : puppet -- multiple vulnerabilities (3a6960ef-c8a8-11e1-9924-001fd0af1a4c)

puppet -- multiple vulnerabilities Arbitrary file read on the puppet master from authenticated clients high. It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the maste...

CVSS 4.3 | AI score 5.8 | EPSS 0.01418
Exploits 4 | References 10