2198 matches found

Cvelist
added 2020/04/08 7:25 p.m. · 14 views

CVE-2020-1620 Junos OS Evolved: Configd leaks hashes via log file and is world readable

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1...

5.5 CVSS · 5.4 AI score · 0.00302 EPSS
Exploits 0 · References 1

RedHat Linux
added 2020/04/07 9:4 a.m. · 4 views

Mozilla: Use-after-free when handling a ReadableStream

A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1 CVSS · 7.2 AI score · 0.06305 EPSS
Exploits 0 · References 6

RedHat Linux
added 2020/04/07 8:53 a.m. · 1 views

Mozilla: Use-after-free when handling a ReadableStream

A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1 CVSS · 7.2 AI score · 0.06305 EPSS
Exploits 0 · References 6

OSV
added 2020/03/19 6:15 p.m. · 3 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...

8.8 CVSS · 7.3 AI score · 0.00994 EPSS
Exploits 1 · References 1

NVD
added 2020/03/19 6:15 p.m. · 18 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...

8.8 CVSS · 8.5 AI score · 0.00994 EPSS
Exploits 1 · References 1

Cvelist
added 2020/03/18 3:45 p.m. · 43 views

CVE-2019-19335

During installation of an OpenShift 4 cluster, the openshift-install command line tool creates an auth directory, with kubeconfig and kubeadmin-password files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions...

4.4 CVSS · 4.8 AI score · 0.00327 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/03/18 12:0 a.m. · 3 views

PT-2020-10138 · Red Hat · Openshift

Name of the Vulnerable Software and Affected Versions: OpenShift versions 4.2. Description: The issue arises during the installation of an OpenShift 4 cluster, where the openshift-install command line tool creates an auth directory. This directory contains kubeconfig and kubeadmin-password files,...

4.4 CVSS · 4.6 AI score · 0.00327 EPSS
Exploits 0 · References 4

UbuntuCve
added 2020/03/16 4:15 p.m. · 30 views

CVE-2020-1736

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

3.3 CVSS · 6.7 AI score · 0.00401 EPSS
Exploits 1 · References 2

PyPA
added 2020/03/16 4:15 p.m. · 4 views

PYSEC-2020-8

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

3.3 CVSS · 6.2 AI score · 0.00401 EPSS
Exploits 1 · References 6 · Affected Software 1

OSV
added 2020/03/16 4:15 p.m. · 1 views

UBUNTU-CVE-2020-1736

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

3.3 CVSS · 7 AI score · 0.00401 EPSS
Exploits 1 · References 3

OSV
added 2020/03/16 4:15 p.m. · 0 views

PYSEC-2020-8

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

3.3 CVSS · 6.7 AI score · 0.00401 EPSS
Exploits 1 · References 6

OSV
added 2020/03/10 8:56 p.m. · 16 views

GHSA-8867-VPM3-G98G Incorrect Default Permissions in keyring

Python keyring has insecure permissions on new databases, allowing world-readable files to be created...

8.7 CVSS · 6.2 AI score · 0.0045 EPSS
Exploits 0 · References 11

Github Security Blog
added 2020/03/10 8:56 p.m. · 61 views

Incorrect Default Permissions in keyring

Python keyring has insecure permissions on new databases, allowing world-readable files to be created...

6.2 CVSS · 6.2 AI score · 0.0045 EPSS
Exploits 0 · References 10 · Affected Software 1

OSV
added 2020/03/07 12:15 a.m. · 1 views

CVE-2020-8634

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

7.8 CVSS · 7.1 AI score · 0.00807 EPSS
Exploits 6 · References 1

NVD
added 2020/03/07 12:15 a.m. · 17 views

CVE-2020-8634

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

7.8 CVSS · 7.7 AI score · 0.00426 EPSS
Exploits 5 · References 1

Veracode
added 2020/02/28 6:58 a.m. · 30 views

World Readable File

ansible is vulnerable to World Readable File. When the function atomicmove is invoked for moving files without a mode, it leads to a file creation with default 0666 permissions if the destination file does not exist, creating world readable files depending on the default umask as well as the...

3.3 CVSS · 4.6 AI score · 0.00401 EPSS
Exploits 1 · References 8 · Affected Software 1

Tenable Nessus
added 2020/02/28 12:0 a.m. · 39 views

openSUSE Security Update : libsolv / libzypp / zypper (openSUSE-2020-255)

This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes: - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all...

4 CVSS · 6.3 AI score · 0.00301 EPSS
Exploits 0 · References 12

OpenVAS
added 2020/02/28 12:0 a.m. · 14 views

openSUSE: Security Advisory for libsolv, (openSUSE-SU-2020:0255-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4 CVSS · 4.5 AI score · 0.00301 EPSS
Exploits 0 · References 2

OPENSUSE Linux
added 2020/02/27 12:0 a.m. · 46 views

Security update for libsolv, libzypp, zypper (moderate)

openSUSE Security Update: Security update for libsolv, libzypp, zypper. Announcement ID: openSUSE-SU-2020:0255-1. Rating: moderate. References: 1135114 1154804 1154805 1155198 1155205 1155298 1155678 1155819 1156158 1157377 1158763. Cross-References: CVE-2019-18900. Affected Products: openSUSE Leap 15...

4 CVSS · 4.5 AI score · 0.00301 EPSS
Exploits 0 · References 11

OSV
added 2020/02/21 6:15 p.m. · 3 views

DEBIAN-CVE-2012-0844

Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar...

5.5 CVSS · 6.9 AI score · 0.00422 EPSS
Exploits 0 · References 1