2198 matches found

OSV
added 2022/02/20 6:15 p.m. · 0 views

UBUNTU-CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

CVSS 7.1 · AI score 7.1 · EPSS 0.00306
Exploits 0 · References 5
CNNVD
added 2022/02/18 12:0 a.m. · 35 views

Cobbler Security Vulnerability

Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installation environments. Security vulnerabilities exist in versions of Cobbler prior to 3.3.1, stemming from files in /etc/cobbler that are publicly readable, two of which contain some sensitiv...

CVSS 7.1 · AI score 5.6 · EPSS 0.00306
Exploits 0 · References 12
CNNVD
added 2022/02/17 12:0 a.m. · 20 views

snapd Security Vulnerability

Snapd is an open source, cross-platform package management tool. A security vulnerability exists in snapd 2.54.2 and earlier versions, which stems from the software creating the snap directory in a user's home directory without specifying owner-only permissions. This may allow a local attacker to...

CVSS 5.5 · AI score 5.7 · EPSS 0.00256
Exploits 0 · References 9
Github Security Blog
added 2022/02/15 1:57 a.m. · 20 views

Information Exposure in Heketi

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file...

CVSS 7.8 · AI score 1.2 · EPSS 0.00428
Exploits 0 · References 7 · Affected Software 1
OSV
added 2022/02/15 1:57 a.m. · 17 views

GHSA-Q9VW-WR57-XJV3 Information Exposure in Heketi

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file...

CVSS 7.8 · AI score 7.7 · EPSS 0.00428
Exploits 0 · References 6
OSV
added 2022/02/15 12:40 a.m. · 27 views

GHSA-WXJ3-QWV4-CVFM Privilege Escalation in Docker

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

CVSS 8.4 · AI score 8.2 · EPSS 0.00393
Exploits 1 · References 6
OSV
added 2022/02/09 9:59 p.m. · 2 views

GHSA-X7JH-595Q-WQ82 Incorrect Permission Assignment for Critical Resource in Ansible

A flaw was found in Ansible Engine when a file is moved using atomicmove primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

CVSS 4.8 · AI score 6.7 · EPSS 0.00401
Exploits 1 · References 9
OpenVAS
added 2022/01/28 12:0 a.m. · 15 views

Mageia: Security Advisory (MGASA-2013-0286)

The remote host is missing an update for the...

CVSS 2.1 · AI score 6.6 · EPSS 0.00368
Exploits 0 · References 5
OpenVAS
added 2022/01/28 12:0 a.m. · 16 views

Mageia: Security Advisory (MGASA-2016-0295)

The remote host is missing an update for the...

CVSS 3.3 · AI score 4 · EPSS 0.00488
Exploits 0 · References 4
Github Security Blog
added 2022/01/21 6:53 p.m. · 75 views

Incorrect Default Permissions in log4js

Impact: Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode...

CVSS 5.5 · AI score 0.3 · EPSS 0.00302
Exploits 0 · References 7 · Affected Software 1
OSV
added 2022/01/19 11:15 p.m. · 1 views

DEBIAN-CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 5.8 · EPSS 0.00302
Exploits 0 · References 1
OSV
added 2022/01/19 11:15 p.m. · 3 views

AZL-45261 CVE-2022-21704 affecting package js-jquery 3.5.0-4

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 6.5 · EPSS 0.00302
Exploits 0 · References 1
UbuntuCve
added 2022/01/19 11:15 p.m. · 26 views

CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 6.5 · EPSS 0.00302
Exploits 0 · References 5
OSV
added 2022/01/19 11:15 p.m. · 0 views

UBUNTU-CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 7 · EPSS 0.00302
Exploits 0 · References 6
CVE
added 2022/01/19 12:0 a.m. · 149 views

CVE-2022-21704

CVE-2022-21704 affects log4js-node (Node.js): in affected versions, default log file permissions for file, fileSync, and dateFile appenders are world-readable on Unix, risking exposure of sensitive data in logs if not overridden by the mode setting. Public details confirm the impact on log4js-nod...

CVSS 5.5 · AI score 5.6 · EPSS 0.00302
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2022/01/19 12:0 a.m. · 33 views

CVE-2022-21704 Incorrect Default Permissions in log4js-node

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 5.6 · EPSS 0.00302
Exploits 0 · References 5
Positive Technologies
added 2022/01/19 12:0 a.m. · 2 views

PT-2022-1771 · Unknown · Log4Js-Node

Name of the Vulnerable Software and Affected Versions: log4js-node versions prior to 6.4.0 Description: The issue is related to the default file permissions for log files created by the file, fileSync, and dateFile appenders in log4js-node, which are world-readable in Unix. This could cause...

CVSS 5.5 · AI score 5.5 · EPSS 0.00302
Exploits 0 · References 21
Debian CVE
added 2022/01/19 12:0 a.m. · 19 views

CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

CVSS 5.5 · AI score 5.8 · EPSS 0.00302
Exploits 0
CNNVD
added 2022/01/14 12:0 a.m. · 2 views

IBM Sterling Gentran Log Information Disclosure Vulnerability

IBM Sterling Gentran is a versatile, high-performance solution from IBM USA designed to help exchange EDI and other types of data. A log information disclosure vulnerability exists in IBM Sterling Gentran that stems from storing potentially sensitive information in log files that can be read by...

CVSS 5.5 · AI score 5.2 · EPSS 0.00252
Exploits 0 · References 3
Positive Technologies
added 2022/01/12 12:0 a.m. · 2 views

PT-2022-12304 · Cobbler +2 · Cobbler +2

Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.1 Description: An issue was discovered where files in /etc/cobbler are world readable, exposing sensitive information to local users with non-privileged access. The users.digest file contains the sha2-512 digest ...

CVSS 10 · AI score 7.6 · EPSS 0.88482
Exploits 6 · References 89