Lucene search

2193 matches found

OSV
added 2022/02/15 12:40 a.m. · 27 views

GHSA-WXJ3-QWV4-CVFM Privilege Escalation in Docker

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

CVSS 8.4 · AI score 8.2 · EPSS 0.00032
Exploits 1 · References 6

OSV
added 2022/02/09 9:59 p.m. · 2 views

GHSA-X7JH-595Q-WQ82 Incorrect Permission Assignment for Critical Resource in Ansible

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

CVSS 4.8 · AI score 6.7 · EPSS 0.00059
Exploits 1 · References 9

OpenVAS
added 2022/01/28 12:0 a.m. · 15 views

Mageia: Security Advisory (MGASA-2013-0286)

The remote host is missing an update for the...

CVSS 2.1 · AI score 6.6 · EPSS 0.00043
Exploits 0 · References 5

OpenVAS
added 2022/01/28 12:0 a.m. · 15 views

Mageia: Security Advisory (MGASA-2016-0295)

The remote host is missing an update for the...

CVSS 3.3 · AI score 4 · EPSS 0.00033
Exploits 0 · References 4

Github Security Blog
added 2022/01/21 6:53 p.m. · 74 views

Incorrect Default Permissions in log4js

Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode...

CVSS 5.5 · AI score 0.3 · EPSS 0.00143
Exploits 0 · References 7 · Affected Software 1

OSV
added 2022/01/19 11:15 p.m. · 3 views

AZL-45261 CVE-2022-21704 affecting package js-jquery 3.5.0-4

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 6.5 · EPSS 0.00143
Exploits 0 · References 1

OSV
added 2022/01/19 11:15 p.m. · 1 views

DEBIAN-CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 5.8 · EPSS 0.00143
Exploits 0 · References 1

UbuntuCve
added 2022/01/19 11:15 p.m. · 26 views

CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 6.5 · EPSS 0.00143
Exploits 0 · References 5

OSV
added 2022/01/19 11:15 p.m. · 0 views

UBUNTU-CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 7 · EPSS 0.00143
Exploits 0 · References 6

Positive Technologies
added 2022/01/19 12:0 a.m. · 2 views

PT-2022-1771 · Unknown · Log4Js-Node

Name of the Vulnerable Software and Affected Versions: log4js-node versions prior to 6.4.0 Description: The issue is related to the default file permissions for log files created by the file, fileSync, and dateFile appenders in log4js-node, which are world-readable in Unix. This could cause...

CVSS 5.5 · AI score 5.5 · EPSS 0.00143
Exploits 0 · References 21

Cvelist
added 2022/01/19 12:0 a.m. · 18 views

CVE-2022-21704 Incorrect Default Permissions in log4js-node

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 5.6 · EPSS 0.00143
Exploits 0 · References 5

CVE
added 2022/01/19 12:0 a.m. · 145 views

CVE-2022-21704

CVE-2022-21704 affects log4js-node (Node.js): in affected versions, default log file permissions for file, fileSync, and dateFile appenders are world-readable on Unix, risking exposure of sensitive data in logs if not overridden by the mode setting. Public-details confirm the impact on log4js-nod...

CVSS 5.5 · AI score 5.6 · EPSS 0.00143
Exploits 0 · References 5 · Affected Software 1

Debian CVE
added 2022/01/19 12:0 a.m. · 19 views

CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 5.8 · EPSS 0.00143
Exploits 0

CNNVD
added 2022/01/14 12:0 a.m. · 2 views

IBM Sterling Gentran Log Information Disclosure Vulnerability

IBM Sterling Gentran is a versatile, high-performance solution from IBM USA designed to help exchange EDI and other types of data. A log information disclosure vulnerability exists in IBM Sterling Gentran that stems from storing potentially sensitive information in log files that can be read by...

CVSS 5.5 · AI score 5.2 · EPSS 0.00038
Exploits 0 · References 3

Positive Technologies
added 2022/01/12 12:0 a.m. · 2 views

PT-2022-12304 · Cobbler +2 · Cobbler +2

Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.1 Description: An issue was discovered where files in /etc/cobbler are world readable, exposing sensitive information to local users with non-privileged access. The users.digest file contains the sha2-512 digest ...

CVSS 10 · AI score 7.6 · EPSS 0.93171
Exploits 6 · References 89

RedHat Linux
added 2021/11/30 9:11 a.m. · 0 views

coreos-installer: restrict access permissions on /boot/ignition{,/config.ign}

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality...

CVSS 5.5 · AI score 5.8 · EPSS 0.00106
Exploits 0 · References 5

OpenVAS
added 2021/11/11 12:0 a.m. · 23 views

Mozilla Firefox Security Advisory (MFSA2012-09) - Linux

This host is missing a security update for Mozilla Firefox...

CVSS 2.1 · AI score 9.5 · EPSS 0.00071
Exploits 0 · References 3

Github Security Blog
added 2021/11/08 6:1 p.m. · 36 views

coreos-installer < 0.10.0 writes world-readable Ignition config to installed system

Impact On systems installed with coreos-installer before 0.10.0, the user-provided Ignition config was written to /boot/ignition/config.ign with world-readable permissions, granting unprivileged users access to any secrets included in the config. Default configurations of Fedora CoreOS and RHEL...

CVSS 5.5 · AI score 6.3 · EPSS 0.00106
Exploits 0 · References 8 · Affected Software 1

Positive Technologies
added 2021/11/08 12:0 a.m. · 2 views

PT-2021-22427 · Unknown · Coreos-Installer

Name of the Vulnerable Software and Affected Versions: coreos-installer versions prior to 0.10.0 Description: A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read...

CVSS 5.5 · AI score 6 · EPSS 0.00106
Exploits 0 · References 11

RedhatCVE
added 2021/11/01 10:12 a.m. · 39 views

CVE-2021-3917

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality...

CVSS 5.5 · AI score 3.7 · EPSS 0.00106
Exploits 0 · References 4