Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file. Rated low severity (CVSS 3.3). No vendor patch available.
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.