
20 matches found

OSV
added 2026/03/16 8:41 p.m. | 4 views

GHSA-VR7J-G7JV-H5MP OpenClaw session transcript files were created without forced user-only permissions

openclaw created new session transcript JSONL files with overly broad default permissions in affected releases. On multi-user hosts, other local users or processes could read transcript contents, including secrets that might appear in tool output. Affected Packages / Versions - Package: openclaw...

CVSS: 5.7 | AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 5

OSV
added 2026/01/16 1:30 p.m. | 3 views

CLSA-2026-1768570231 git: Fix of CVE-2024-32021

CVE-2024-32021: fix issue where cloning local source repository with symlinks may create hardlinks to arbitrary user-readable files in the objects/ directory...

CVSS: 7.1 | AI score: 7.4 | EPSS: 0.00021
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-12859

Malware in sbrugna...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00165
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-25832

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00242
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-29859

Malicious code in bioql PyPI...

CVSS: 3.9 | AI score: 6.3 | EPSS: 0.00021
Exploits: 1 | References: 4

NVD
added 2024/05/14 8:15 p.m. | 27 views

CVE-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.00021
Exploits: 1 | References: 5

Debian CVE
added 2024/05/14 7:15 p.m. | 29 views

CVE-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...

CVSS: 7.1 | AI score: 7.5 | EPSS: 0.00021
Exploits: 1

Cvelist
added 2020/12/09 4:30 p.m. | 13 views

CVE-2020-26261 user-readable api tokens in systemd units

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users...

CVSS: 7.9 | AI score: 7.7 | EPSS: 0.00162
Exploits: 0 | References: 4

OSV
added 2019/12/03 3:15 p.m. | 1 view

CVE-2019-4465

IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774...

CVSS: 3.3 | AI score: 6.1
Exploits: 0 | References: 2

CNVD
added 2017/07/18 12:0 a.m. | 2 views

Lenovo Connect2 Information Disclosure Vulnerability

Lenovo Connect2 is a free management tool for transferring content between computers and cell phones from the Chinese company Lenovo. A security vulnerability exists in Lenovo Connect2 that stems from the program storing ad-hoc connection passwords in a user-readable location. An attacker could u...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00165
Exploits: 0 | References: 1

OSV
added 2017/07/17 7:29 p.m. | 2 views

CVE-2017-3742

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to t...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00165
Exploits: 0 | References: 1

Lenovo
added 2017/05/30 12:0 a.m. | 13 views

Lenovo Connect2 Ad-hoc Wifi Network Key Stored in User-readable Location - Lenovo Support US

No description provided...

AI score: 5.4
Exploits: 0

OSV
added 2013/04/24 10:28 a.m. | 5 views

CVE-2012-6140

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...

AI score: 6
Exploits: 0 | References: 4

UbuntuCve
added 2013/04/24 10:28 a.m. | 18 views

CVE-2012-6140

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...

CVSS: 1.9 | AI score: 5.9 | EPSS: 0.00026
Exploits: 2 | References: 2

Debian CVE
added 2013/04/24 10:0 a.m. | 15 views

CVE-2012-6140

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...

CVSS: 1.9 | AI score: 6 | EPSS: 0.00026
Exploits: 2

securityvulns
added 2012/12/03 12:0 a.m. | 30 views

Safend Data Protector information leakage

Private key is logged into user readable file...

AI score: 2.2 | EPSS: 0.00101
Exploits: 3 | References: 1 | Affected Software: 1

securityvulns
added 2011/08/01 12:0 a.m. | 22 views

EMC Data Protection Advisor information leakage

Cleartext passwords are stored in user readable files...

CVSS: 2.1 | AI score: 2.5 | EPSS: 0.00075
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2000/11/17 12:0 a.m. | 108 views

vixie cron...

Attached shell-script exploits fopen + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable eg. 0755 - AFAIR Debian does so. RedHat at least 6.1 and previous have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its...

AI score: 7
Exploits: 0

securityvulns
added 2000/05/11 12:0 a.m. | 28 views

KNapster Vulnerability Compromises User-readable Files

KNapster Vulnerability Compromises User-readable Files This vulnerability was discovered at the Center for Education and Research in Information Assurance and Security CERIAS at Purdue University http://www.cerias.purdue.edu by: Tom Daniels [email protected] Florian Buchholz...

AI score: 7.2
Exploits: 0

securityvulns
added 2000/05/11 12:0 a.m. | 34 views

Gnapster Vulnerability Compromises User-readable Files

Gnapster Vulnerability Compromises User-readable Files This vulnerability was discovered at the Center for Education and Research in Information Assurance and Security CERIAS at Purdue University http://www.cerias.purdue.edu by: Tom Daniels [email protected] Florian Buchholz...

AI score: 0.1
Exploits: 0