
2198 matches found

Prion
added 2015/04/10 3:00 p.m. | 11 views

Design/Logic Flaw

The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...

CVSS: 2.1 | AI score: 6.2 | EPSS: 0.0035
Exploits: 2 | References: 4 | Affected Software: 1

NVD
added 2015/04/10 3:00 p.m. | 25 views

CVE-2015-1415

The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.0035
Exploits: 2 | References: 4

Cvelist
added 2015/04/10 2:00 p.m. | 30 views

CVE-2015-1415

The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...

AI score: 5.7 | EPSS: 0.0035
Exploits: 2 | References: 4

Mageia
added 2015/03/27 9:12 p.m. | 20 views

Updated setup package fixes security vulnerability

An issue has been identified in Mageia 4's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable mga14516. This update fixes this issue by enforcing that those files are owned by the root user and...

AI score: 4.2
Exploits: 0 | References: 2

Tenable Nessus
added 2015/03/26 12:00 a.m. | 22 views

Debian DLA-136-1 : websvn security update

James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as. NOTE: Tenable Netwo...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.00956
Exploits: 0 | References: 3

RedHat Linux
added 2015/03/05 9:52 a.m. | 1 view

virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.00385
Exploits: 0 | References: 4

RedHat Linux
added 2015/03/05 9:06 a.m. | 1 view

cups: world-readable permissions

It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system...

CVSS: 5 | AI score: 7.2 | EPSS: 0.02911
Exploits: 0 | References: 4

Cvelist
added 2015/02/10 7:00 p.m. | 19 views

CVE-2014-8733

Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password...

AI score: 6.4 | EPSS: 0.00318
Exploits: 0 | References: 1

CNVD
added 2015/01/20 12:00 a.m. | 1 view

pxz Insecure File Permissions Vulnerability

pxz is a compression tool for linux. An insecure file permission vulnerability exists in pxz, which allows local attackers to exploit the vulnerability to access globally readable files and obtain sensitive information...

AI score: 6.5
Exploits: 0 | References: 1

RedHat Linux
added 2014/11/25 4:48 p.m. | 3 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00347
Exploits: 0 | References: 4

RedHat Linux
added 2014/11/25 4:48 p.m. | 32 views

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.21045
Exploits: 2 | References: 9

NVD
added 2014/11/17 10:59 p.m. | 31 views

CVE-2014-0059

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform EAP before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file...

CVSS: 2.1 | AI score: 5.6 | EPSS: 0.00347
Exploits: 0 | References: 6

Cvelist
added 2014/11/17 10:00 p.m. | 40 views

CVE-2014-0059

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform EAP before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file...

AI score: 5.6 | EPSS: 0.00347
Exploits: 0 | References: 6

UbuntuCve
added 2014/11/16 11:59 a.m. | 39 views

CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00483
Exploits: 1 | References: 1

OSV
added 2014/11/16 11:59 a.m. | 3 views

DEBIAN-CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00483
Exploits: 1 | References: 1

NVD
added 2014/11/16 11:59 a.m. | 18 views

CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00483
Exploits: 1 | References: 6

Cvelist
added 2014/11/16 11:00 a.m. | 21 views

CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...

AI score: 6.5 | EPSS: 0.00483
Exploits: 1 | References: 6

CVE
added 2014/11/16 11:00 a.m. | 43 views

CVE-2013-0347

The CVE-2013-0347 entry concerns the Gentoo init script for webfs, where /var/log/webfsd.log is world-readable. This permission setting allows local users to read the log file, with unspecified impact described in the public description. Connected sources (NVD, OSV, OSV UBUNTU/DEBIAN/UBUNTU entri...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00483
Exploits: 1 | References: 6 | Affected Software: 1

Debian CVE
added 2014/11/16 11:00 a.m. | 20 views

CVE-2013-0347

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...

CVSS: 7.2 | AI score: 3.5 | EPSS: 0.00483
Exploits: 1

Tenable Nessus
added 2014/11/08 12:00 a.m. | 29 views

RHEL 6 : rhevm-reports 3.3.3 (RHSA-2014:0558)

An updated rhevm-reports package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

CVSS: 2.1 | AI score: 5.5 | EPSS: 0.00379
Exploits: 0 | References: 7