2192 matches found

CVE
added 2025/05/28 5:8 p.m. | 63 views

CVE-2025-32803

CVE-2025-32803 affects ISC Kea log/lease files that can be world-readable. Affected Kea versions: 2.4.0–2.4.1, 2.6.0–2.6.2, 2.7.0–2.7.8. The CVE is categorized with LOCAL attack vector, low confidentiality impact, and no exploitation details provided in the initial documents. Connected advisories...

CVSS 4 | AI score 4.4 | EPSS 0.00055
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/28 12:0 a.m. | 2 views

PT-2025-23106

Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description In some cases, Kea log files or lease files may be world-readable. Recommendations For Kea versions 2.4.0 through 2.4.1, update to a...

CVSS 7.8 | AI score 5.9 | EPSS 0.00055
Exploits: 0 | References: 42

OSV
added 2025/05/28 12:0 a.m. | 0 views

UBUNTU-CVE-2025-32803

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...

CVSS 4 | AI score 5.7 | EPSS 0.00055
Exploits: 0 | References: 4

Microsoft CVE
added 2025/05/27 7:0 a.m. | 2 views

Rpm-ostree: world-readable /etc/shadow file

...

CVSS 6.2 | AI score 6.3 | EPSS 0.00025
Exploits: 0

RedhatCVE
added 2025/05/23 11:59 a.m. | 3 views

CVE-2025-24788

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on th...

CVSS 5.5 | AI score 6.5 | EPSS 0.00148
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:18 a.m. | 3 views

CVE-2024-29962

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary...

CVSS 5.5 | AI score 6.4 | EPSS 0.00091
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:12 a.m. | 2 views

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973...

CVSS 3.3 | AI score 6.2 | EPSS 0.00048
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:56 a.m. | 7 views

CVE-2024-29965

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...

CVSS 6.8 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:46 a.m. | 4 views

CVE-2024-28955

Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information...

CVSS 5.9 | AI score 6.6 | EPSS 0.00607
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 4:27 a.m. | 3 views

CVE-2023-44124

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording "com.lge.gametools.gamerecorder" app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...

CVSS 6.1 | AI score 7.2 | EPSS 0.00021
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:24 p.m. | 3 views

CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:55 p.m. | 2 views

CVE-2021-28100

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process...

CVSS 5.5 | AI score 6.1 | EPSS 0.00044
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:22 p.m. | 6 views

CVE-2021-23021

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...

CVSS 5.5 | AI score 6.8 | EPSS 0.00085
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:20 p.m. | 8 views

CVE-2021-22572

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other loc...

CVSS 5.5 | AI score 6.3 | EPSS 0.00013
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:52 p.m. | 7 views

CVE-2020-8634

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

CVSS 7.8 | AI score 7 | EPSS 0.00086
Exploits: 5 | References: 1

RedhatCVE
added 2025/05/22 3:13 p.m. | 4 views

CVE-2020-15324

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmppconfig.py file that stores hardcoded credentials...

CVSS 9.8 | AI score 7 | EPSS 0.0051
Exploits: 1

RedhatCVE
added 2025/05/22 6:59 a.m. | 5 views

CVE-2018-20952

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...

CVSS 6.5 | AI score 7 | EPSS 0.0031
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:58 a.m. | 4 views

CVE-2011-1934

lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1...

CVSS 4.3 | AI score 6.8 | EPSS 0.00297
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:36 a.m. | 7 views

CVE-2010-2450

The keygen.sh script in Shibboleth SP 2.0 located in /usr/local/etc/shibboleth by default uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask default 22 instead of chmoding the resulting file itself, so the generated private key is world readable by...

CVSS 7.5 | AI score 6.8 | EPSS 0.00163
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:34 a.m. | 5 views

CVE-2017-18391

cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval SEC-323...

CVSS 2.5 | AI score 6.8 | EPSS 0.00066
Exploits: 0 | References: 1