2198 matches found
openhpi: world writable /var/lib/openhpi directory
It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory...
open-vm-tools: vm-support's diagnostics archive created with world-readable permissions
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive...
Ubuntu lxd package mode error vulnerability
The Ubuntu lxd package is a Linux Container Daemon OpenStack working environment package developed by Canonical UK and the Ubuntu Foundation. A security vulnerability exists in the lxd-unix.socket systemd unit file in versions of the Ubuntu lxd package prior to 0.20-0ubuntu4.1. Since the program...
CVE-2015-8222
The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors...
CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the passwordpbkdf2 directive in the file...
Shopify: Some S3 Buckets are world readable (and one is world writeable)
The researcher reported that several S3 buckets containing the name "shopify" were world-readable. Out of the reported buckets, two belonged to us and were not intended to be public and may have contained sensitive data. We changed the bucket options to disable file listing on the affected buckets...
Authorization
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files...
CVE-2015-5742
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files...
PT-2015-7061 · Veeam · Veeam Backup & Replication
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication versions prior to 8.0 update 3 Description: The issue allows local users to obtain sensitive information by reading log files with world-readable permissions, where local administrator credentials are stored. This i...
QARK - Tool to look for several security related Android application vulnerabilities
Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the...
CVE-2013-0266
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files...
Cisco Sourcefire User Agent 2.2 - Insecure File Permissions
Cisco Sourcefire User Agent Insecure File Permissions Vulnerability. Vendor: Cisco. Product webpage: http://www.cisco.com. Affected versions: Cisco SF User Agent 2.2. Fixed versions: Cisco SF User Agent 2.2-25. Date: 08/09/2015. Credits: Glafkos Charalambous. CVE: Not assigned by Cisco. BugId: CSCut448...
ceph-deploy: keyring permissions are world readable in ~ceph
It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...
ceph-deploy admin command copies keyring file to /etc/ceph which is world readable
It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...
Moderate: Red Hat Security Advisory: ceph-deploy security update
An updated ceph-deploy package that fixes two security issues is now available in Red Hat Ceph Storage 1.2 for CentOS 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...
Moderate: Red Hat Security Advisory: ceph-deploy security update
An updated ceph-deploy package that fixes two security issues is now available in Red Hat Ceph Storage for Ubuntu 12.04 and Ubuntu 14.04. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...