iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. Rated low severity (CVSS 3.3). No vendor patch available.
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.