Total
1579 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3586 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2025-04-12 | N/A |
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. | ||||
CVE-2014-3499 | 3 Docker, Fedoraproject, Redhat | 3 Docker, Fedora, Rhel Extras Other | 2025-04-12 | N/A |
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | ||||
CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2025-04-12 | N/A |
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | ||||
CVE-2014-1875 | 1 Cspan | 1 Capture-tiny | 2025-04-12 | N/A |
The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
CVE-2016-6494 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2025-04-12 | N/A |
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | ||||
CVE-2014-3209 | 1 Nlnetlabs | 1 Ldns | 2025-04-12 | N/A |
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | ||||
CVE-2014-0199 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2025-04-12 | N/A |
The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | ||||
CVE-2014-0200 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2025-04-12 | N/A |
The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file. | ||||
CVE-2014-2068 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | ||||
CVE-2014-0164 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | ||||
CVE-2014-0135 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Kafo | 2025-04-12 | N/A |
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file. | ||||
CVE-2016-4036 | 1 Opensuse | 2 Leap, Opensuse | 2025-04-12 | N/A |
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory. | ||||
CVE-2015-0257 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-12 | N/A |
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | ||||
CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2025-04-12 | N/A |
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | ||||
CVE-2013-4455 | 1 Katello | 1 Katello Installer | 2025-04-12 | N/A |
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file. | ||||
CVE-2016-6322 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2025-04-12 | N/A |
Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | ||||
CVE-2016-2142 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | ||||
CVE-2014-0201 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2025-04-12 | N/A |
ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files. | ||||
CVE-2024-57547 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | 7.5 High |
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files. | ||||
CVE-2024-27294 | 1 Danielparks | 1 Dp-golang | 2025-04-11 | 7.3 High |
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group |