Default credentials

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...

CVE-2021-3429

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...

Debian: Security Advisory (DLA-577-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K36926027: NGINX Controller vulnerability CVE-2021-23021

Security Advisory Description The agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. CVE-2021-23021 Impact Local attackers are able to obtain the sensitive data, such as the API key. Security Advisory Status F5 Product Development...

SUSE CVE-2005-2945

arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by 1 arc arc.c or 2 marc marc.c...

SUSE CVE-2005-3088

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...

SUSE CVE-2005-3147

StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information...

SUSE CVE-2006-2442

kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords...

SUSE CVE-2006-2752

The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc RedCarpet password...

SUSE CVE-2009-1073

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field...

SUSE CVE-2009-1214

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information...

SUSE CVE-2009-1631

The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files...

SUSE CVE-2011-0993

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...

SUSE CVE-2011-2916

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions...

SUSE CVE-2011-3177

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks...

SUSE CVE-2011-3589

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file...

SUSE CVE-2011-4328

plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions world readable for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information...

SUSE CVE-2011-4944

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

SUSE CVE-2012-0421

The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file...

SUSE CVE-2012-1930

Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files...