18 matches found
libvirt Security Vulnerability
libvirt is an open source Linux API for implementing Linux virtualization features. It supports a variety of hypervisors, including Xen and KVM, as well as QEMU and a number of virtualization products used for other operating systems. A security vulnerability exists in libvirt that stems...
Snowflake snowflake-connector-net Security Vulnerability
Snowflake snowflake-connector-net is the Snowflake connector for .NET from Snowflake USA. A security vulnerability exists in snowflake-connector-net versions prior to 4.3.0, which originates when files downloaded from the Stage are temporarily placed in a globally-readable local directory, allowing...
Nix Security Vulnerability
Nix is a powerful package manager from the Nix open source project. It is used for making packages. Nix has a security vulnerability that stems from built-in builders on macOS that are not executed in the macOS sandbox, resulting in these builders being able to access globally readable paths and globally...
barbican Security Vulnerability
barbican is an OpenStack key management service, API server. A security vulnerability exists in barbican that stems from the barbican configuration file being set to globally readable in Red Hat OpenStack, which poses a security risk because it allows an attacker with limited access to the file t...
cPanel Privilege Management Vulnerability
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 88.03, which stems from having weak privileges globally readable to t...
Grafana Information Disclosure Vulnerability (CNVD-2020-27229)
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. An information disclosure vulnerability exists in Grafana 6.7.3 and earlier versions,...
Unspecified vulnerability in Python keyring
Python keyring is a library for supporting access to system key services from Python. A security vulnerability exists in Python keyring, which stems from the fact that the file created is globally readable and can be exploited by an attacker to obtain information...
Sensitive Data Exposure in pem
Versions of pem before 1.13.2 expose sensitive data when the readPkcs12 function is used. The readPkcs12 function reads the certificate and key data from a pkcs12 file using the encryption password. As part of this process it creates a globally readable file with a filename of 20 random 0-f characters in...
SolarWinds SFTP Insecure Password Storage Vulnerability
SolarWinds SFTP is an FTP service program. An insecure password storage vulnerability exists in SolarWinds SFTP. The vulnerability is due to the configuration file being globally readable and writable and storing user passwords in an insecure manner, allowing an attacker to determine passwords fo...
Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability (CNVD-2018-11350)
Cisco Prime Collaboration Provisioning (PCP) is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. An information disclosure vulnerability exis...
Heketi Information Disclosure Vulnerability
Heketi is a REST-based GlusterFS management framework that provides a RESTful management interface that can be used to manage the lifecycle of GlusterFS. An information disclosure vulnerability exists in Heketi version 5, which stems from a program that sets the heketi.json configuration file to ...
rhnsd Denial of Service Vulnerability
rhnsd is a network service daemon in Linux. A security vulnerability exists in rhnsd that stems from the program creating the PID file as globally readable. A local attacker could exploit this vulnerability to cause a denial of service...
EasyPHP Devserver Insecure File Permissions Vulnerability
EasyPHP Devserver is a server developed by NodeJS, its goal is to assist in debugging some front-end effects that require server support. An insecure file permission vulnerability exists in EasyPHP Devserver version 16.1.1, which can be exploited by a local attacker to gain access to globally...
LXD Path Read Vulnerability
LXD is a container for managing applications on Linux-based systems. LXD fails to properly set permissions when converting the container to privileged mode, allowing a local attacker to exploit the vulnerability to access arbitrary globally readable paths in the container directory...
Pulp Information Disclosure Vulnerability (CNVD-2016-03574)
Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. An information disclosure vulnerability exists in Pulp that stems from a Node certificate being installed in a globally readable form. An attacker ca...
Pulp Private Key Read Vulnerability (CNVD-2016-03572)
Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. A private key read vulnerability exists in Pulp that stems from the fact that the pulp.spec file is globally readable at certain times. An attacker...
Pulp CA Key Read Vulnerability
Pulp is a free and open source platform for managing repositories of content. A key reading vulnerability exists in Pulp's pulp-gen-ca-certificate script, which originates when the program creates a private key in a globally readable file. A local attacker could exploit the vulnerability to read...
pxz Insecure File Permissions Vulnerability
pxz is a compression tool for Linux. An insecure file permission vulnerability exists in pxz, which allows local attackers to exploit the vulnerability to access globally readable files and obtain sensitive information...