SUSE CVE-2017-1000383

GNU Emacs version 25.3.1 and other versions most likely ignores umask when creating a backup save file "ORIGINALFILENAME" resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary...

SUSE CVE-2017-1000382

VIM version 8.0.1187 and other versions most likely ignores umask when creating a swap file "ORIGINALFILENAME.swp" resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary...

SUSE CVE-2019-3684

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem...

SUSE CVE-2019-13179

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /cryptokeyfile.bin mode 0600 owned by root to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption...

SUSE CVE-2020-1736

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

SUSE CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

SUSE CVE-2020-12459

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml which contain a secretkey and a bindpassword are world readable...

SUSE CVE-2020-12458

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information e.g., cleartext or encrypted datasource passwords...

SUSE CVE-2020-12831

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...

SUSE CVE-2021-3429

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...

SUSE CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

SUSE CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

SUSE CVE-2022-23952

In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable...

SUSE CVE-2022-48258

In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles...

openSUSE 15 Security Update : EternalTerminal (openSUSE-SU-2023:0041-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0041-1 advisory. - In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. CVE-2022-48257 - In Eternal Terminal 6.2.1, etserver a...

PT-2023-2974 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows every keystroke made by any user on a computer with the Student application installed to be logged to a world-readable directory. This enables a local attack...

IBM Cloud Pak for Business Automation 安全漏洞

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. A security vulnerability exists in IBM Cloud Pak for Business Automation that...

RHEL 7 : OCS 3.11.z async (RHSA-2020:4143)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4143 advisory. Red Hat OpenShift Container StorageOCS is a provider of agnostic persistent storage for OpenShift Container Platform either in-house or in a...

CVE-2022-48258

In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles...

CVE-2022-48258

In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles...