193 matches found
PT-2025-5569 · Snowflake · Snowflake-Connector-Net
Name of the Vulnerable Software and Affected Versions: snowflake-connector-net versions 2.0.12 through 4.2.0 Description: The issue arises when files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine...
UBUNTU-CVE-2023-32190
mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
PT-2024-12299 · Mlocate · Mlocate
Name of the Vulnerable Software and Affected Versions: mlocate affected versions not specified Description: The issue allows the RUN UPDATEDB AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. This is due to mlocate's %post script...
CLSA-2024-1727797025 Fix CVE(s): CVE-2024-32002
SECURITY UPDATE: Hardlink creation to arbitrary user-readable files - debian/patches/CVE-2024-32002.patch: submodule paths must not contain symlinks - CVE-2024-32002...
UBUNTU-CVE-2024-46958
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...
RHEL 7 : vim (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - vim: Integer overflow at an unserializeuep memory allocation site CVE-2017-6350 - VIM version 8.0.1187 an...
The vulnerability of the distributed Git version control system, related to improper preservation of permissions, allows a violator to create hard links to any readable file within the same file system.
The vulnerability of the distributed Git version control system relates to access to the database of objects in another user’s target repository. Exploiting this vulnerability allows a perpetrator to create hard links to any readable files within the same file system...
The vulnerability of the distributed Git version control system, related to the use of pre-installed security-related data, allows a hacker to create hard links to any readable file within the same file system.
The vulnerability of the distributed Git version control system is related to the use of pre-installed data related to security. Exploiting this vulnerability allows a attacker to create hard links to any readable file within the same file system...
Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0
Summary On Windows systems, the Arc configuration files resulted to be world-readable. Impact This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files. Mitigation N/A Solution Upgrade to v1.6.0 or later...
CVE-2024-32021
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...
CVE-2024-32021
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...
CVE-2024-29962
Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary...
MGASA-2024-0131 Updated rear packages fix security vulnerability
Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301...
Local File Inclusion
voila is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of file paths within app.py which allows an attacker to access readable files on the server's filesystem...
Moderate: Red Hat Security Advisory: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements
An updated version of Red Hat Update Infrastructure RHUI is now available. RHUI 4.5 fixes several security and operational bugs and also adds several new features. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and...
SUSE CVE-2005-2945
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by 1 arc arc.c or 2 marc marc.c...
SUSE CVE-2005-3088
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...
SUSE CVE-2011-3177
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks...
SUSE CVE-2012-5577
Python keyring lib before 0.10 created keyring files with world-readable permissions...
SUSE CVE-2021-45083
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...