2198 matches found
CVE-2013-1771
The web server Monkeyd produces a world-readable log /var/log/monkeyd/master.log on gentoo...
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 located in /usr/local/etc/shibboleth by default uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask default 22 instead of chmoding the resulting file itself, so the generated private key is world readable by...
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 located in /usr/local/etc/shibboleth by default uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask default 22 instead of chmoding the resulting file itself, so the generated private key is world readable by...
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 located in /usr/local/etc/shibboleth by default uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask default 22 instead of chmoding the resulting file itself, so the generated private key is world readable by...
CVE-2010-2450
CVE-2010-2450 affects Shibboleth SP 2.0. The keygen.sh utility (in /usr/local/etc/shibboleth by default) uses OpenSSL to generate a DES private key and saves it to sp-key.pm with the process’s root umask (default 022). This results in the private key file being world-readable by default, exposing...
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 located in /usr/local/etc/shibboleth by default uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask default 22 instead of chmoding the resulting file itself, so the generated private key is world readable by...
CVE-2019-5642
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
CVE-2019-5642
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
Design/Logic Flaw
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
CVE-2013-4518
RHUI Red Hat Update Infrastructure 2.1.3 has world readable PKI entitlement certificates...
CVE-2012-5577
Python keyring lib before 0.10 created keyring files with world-readable permissions...
DEBIAN-CVE-2012-5577
Python keyring lib before 0.10 created keyring files with world-readable permissions...
CVE-2012-5577
Python keyring lib before 0.10 created keyring files with world-readable permissions...
Code injection
Python keyring lib before 0.10 created keyring files with world-readable permissions...
PYSEC-2019-181
Python keyring lib before 0.10 created keyring files with world-readable permissions...
PYSEC-2019-181
Python keyring lib before 0.10 created keyring files with world-readable permissions...
CVE-2012-5577
Python keyring lib before 0.10 created keyring files with world-readable permissions...
CVE-2012-5577
CVE-2012-5577 affects the Python keyring library prior to 0.10, where keyring files were created with world-readable permissions. This is the concrete detail available across the connected sources; no additional exploit vectors, systems, or remediation steps are specified in the provided document...
CVE-2012-5577
Python keyring lib before 0.10 created keyring files with world-readable permissions...
CVE-2019-14925
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames,...