21 matches found
EUVD-1999-1526
Malware in sbrugna...
EUVD-2004-2389
Malware in sbrugna...
EUVD-2015-1976
Malware in sbrugna...
EUVD-2024-34434
Malicious code in bioql PyPI...
CVE-2024-28955
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information...
CVE-2024-28955
CVE-2024-28955 affects Sharp/Toshiba TEC MFPs. The issue arises from incorrect permission assignment, causing crash coredump files to be world-readable; any local user can inspect memory contents. Public details cover affected models/versions through vendor notices and related advisories. Remedia...
CVE-2024-28955
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information...
SUSE CVE-2012-0421
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file...
Oracle Linux 9 : logrotate (ELSA-2022-8393)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-8393 advisory. - fix potential DoS from unprivileged users via the state file CVE-2022-1348 Mon Aug 09 2021 Mohan Boddu Tenable has extracted the preceding description block...
AlmaLinux 9 : logrotate (ALSA-2022:8393)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:8393 advisory. - A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate...
Amazon Linux 2022 : logrotate (ALAS2022-2022-095)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-095 advisory. A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock...
CVE-2022-1348
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...
CVE-2022-1348
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...
CVE-2022-1348
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...
Information disclosure
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files...
CVE-2015-1870
The event scripts in Automatic Bug Reporting Tool ABRT uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...
CVE-2015-1870
Mode C: The connected MiracleLinux 4 advisory references CVE-2015-1870 affecting abrt (Automatic Bug Reporting Tool) and libreport (abrt-2.0.8-26.1.0.1.AXS4, libreport-2.0.9-21.1.0.1.AXS4). The vulnerability arises from event scripts using world-readable permissions on a copy of sosreport files i...
CVE-2009-1214
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information...
CVE-2005-2945
CVE-2005-2945 affects the ARC archive utility (and ARC-derived ARC/ARCC variants) in Unix-like systems: ARC creates temporary files with world-readable permissions, allowing local users to read sensitive information. Related CVE-2005-2992 describes a symlink-based flaw that also involves insecure...
CVE-1999-1545
Joe's Own Editor joe 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users...