CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8637
https://notcve.org/view.php?id=CVE-2016-8637
01 Aug 2018 — A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials. Se ha encontrado un problema de divulgación de información local en dracut en versiones anteriores a la 045 al generar imágenes initramfs con permisos de lectura globales al emplear "early cpi... • http://seclists.org/oss-sec/2016/q4/352 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0794
https://notcve.org/view.php?id=CVE-2015-0794
19 Nov 2015 — modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. modules.d/90crypt/module-setup.sh en el paquete dracut en versiones anteriores a 037-17.30.1 en openSUSE 13.2 permite a usuarios locales tener un impacto no especificado a través de un ataque de enlace simbólico en /tmp/dracut_block_uuid.map. • http://lists.opensuse.org/opensuse-bugs/2015-06/msg02580.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2012-4453 – dracut: Creates initramfs images with world-readable permissions (information disclosure)
https://notcve.org/view.php?id=CVE-2012-4453
09 Oct 2012 — dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. dracut.sh en dracut, como se usa en Red Hat Enterprise Linux 6, Fedora 16 y 17 y posiblemente otros productos, crea imágenes initramfs con permisos de lectura en todo el mundo, lo que podría permitir a usuarios locales obtener información sensible. It was discovered that dracut creat... • http://git.kernel.org/?p=boot/dracut/dracut.git%3Ba=commit%3Bh=e1b48995c26c4f06d1a71 • CWE-276: Incorrect Default Permissions •