92 matches found
CVE-2012-5476
Within the RHOS Essex Preview 2012.2 of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value...
CVE-2018-11752
Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...
CVE-2018-0335
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
heketi: Information disclosure through world readable file
An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file...
CVE-2017-9615
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...
Arbitrary file deletion
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...
DEBIAN-CVE-2017-9868
In Mosquitto through 1.4.12, mosquitto.db aka the persistence file is world readable, which allows local users to obtain sensitive MQTT topic information...
Design/Logic Flaw
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...
CVE-2016-3107
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...
Plaintext Credentials Logged
presto-main logs plaintext database credentials on startup. It loads the credentials stored in a properties file and logs them to a world readable file, server.log...
glusterfs: glusterfs-server %pretrans rpm script temporary file issue
It was found that the glusterfs-server RPM package would write a file with a predictable name into the world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package...
Information Disclosure
salt is vulnerable to information disclosures. The library stores its secrets in a file called highstate.cache.p that is world readable, allowing a malicious user to access sensitive information...
pulp: Node certificate containing private key stored in world-readable file
It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file...
pulp: Agent certificate containing private key is stored in world-readable file
It was found that the private key for the agent certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file...
CVE-2016-0910
EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors...
Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update
Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file
It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...