CVE-2016-10819
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd SEC-125...
CVE-2016-10819
CVE-2016-10819 affects cPanel before 57.9999.54. When cpanellogd rotates user log files, they become world-readable, exposing user logs (classified as a confidentiality impact). The vulnerability is described consistently across multiple sources (NVD, Red Hat, CNVD, CVE listings). Remediation is ...
CVE-2018-20952
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...
CVE-2018-20946
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archivesynczones script SEC-355...
CVE-2018-20952
CVE-2018-20952 affects cPanel prior to 68.0.27. The issue involves world-readable files created during use of the WHM Apache Includes Editor (SEC-388). The public description confirms the vulnerable state; no exploitation details are provided in the supplied documents. Remediation appears to be u...
CVE-2018-20946
cPanel before 68.0.27 exposes zone information because the archive_sync_zones script creates a world-readable archive. This info disclosure vulnerability is documented across CVE-2018-20946 entries (NVD, RH, CNVD, etc.). Impact is information exposure of zones; CVSS v3 score is Low (3.3) with loc...
CVE-2019-14395
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log SEC-494...
CVE-2019-14395
CVE-2019-14395 affects cPanel before 80.0.5, where the Queueprocd log used world-readable permissions, enabling potential information disclosure. Root cause: improper file permissions on the log, leading to exposure of sensitive data. Remediation: upgrade to cPanel 80.0.5 or later (as per vendor ...
CVE-2019-13179
Calamares versions 3.1 through 3.2.10 copy a LUKS encryption keyfile from /cryptokeyfile.bin (mode 0600, owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption...
CVE-2019-12763
The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application...
Sensitive Data Exposure in pem
Versions of pem before 1.13.2 expose sensitive data when the readPkcs12 function is used. The readPkcs12 function reads the certificate and key data from a pkcs12 file using the encryption password. As part of this process it creates a globally readable file with a filename of 20 random 0-f characters in...
Information Disclosure
Red Hat Satellite is vulnerable to information disclosure because the pulp-qpid-ssl-cfg script creates certificate files and NSS database files in a world-readable temporary directory rather than a permanent installation directory with wrongly assigned permissions which will be corrected...
CVE-2019-3684
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem...