UBUNTU-CVE-2022-1348

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...

Ansible Sensitive Files Are Locally Readable

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file...

Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for defaultvalues.yaml, which allows local users to obtain passwords and other sensitive information by reading the file...

GHSA-HXVP-655X-XXQV Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for defaultvalues.yaml, which allows local users to obtain passwords and other sensitive information by reading the file...

GHSA-JPMF-8CJ2-595G Improper Link Resolution Before File Access in Apache Hadoop

The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during...

GHSA-79JF-CCM8-43W7 ceph-deploy uses world-readable permissions on client.admin key

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

GHSA-92MR-4W2Q-4578 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINSHOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the...

NanoHTTPD 安全漏洞

NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...

CVE-2021-22572

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other loc...

CVE-2021-22572

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other loc...

Design/Logic Flaw

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other loc...

CVE-2021-22572 Data-transfer-project information disclosure via tmp directory

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other loc...

Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose

Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...

Data Transfer Project 安全漏洞

Google Data Transfer Project is an open source data transfer project of the U.S. company Google Google. It enables people to easily transfer data between online service providers. A security vulnerability exists in data-transfer-project that originates on Unix-like systems where the system...

USN-5311-1 containerd vulnerability

It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information...

PYSEC-2022-32

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

Incorrect Default Permissions in Cobbler

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

PYSEC-2022-38

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...