217 matches found
SUSE-SU-2023:2126-1 Security update for cfengine, cfengine-masterfiles
This update for cfengine, cfengine-masterfiles fixes the following issues: Changes in cfengine: - cfengine3.target: removed, replaced by upstream cfengine3.service - In version 3.15.0, cfengine core split off libutils and libcompat directories as libntech. We include both together as we do not us...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
Design/Logic Flaw
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 is affected. A subset of authenticated users can abuse the Scheduled Reports feature to read arbitrary files and potentially discover credentials, impacting confidentiality. The issue is acknowledged across multiple sources; remediation available vi...
Northern.tech CFEngine 安全漏洞
Northern.tech CFEngine is an IT infrastructure configuration management and automation framework. A security vulnerability exists in Northern.tech CFEngine Enterprise versions prior to 3.21.1. An attacker can exploit this vulnerability to read arbitrary files and obtain sensitive information from...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
SUSE CVE-2005-2960
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137...
SUSE CVE-2019-9929
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions...
SUSE CVE-2021-36756
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation...
SUSE CVE-2021-38379
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure...
SUSE CVE-2021-44216
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...
SUSE CVE-2021-44215
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact...
CVE-2021-44216
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...
CVE-2021-44216
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...
CVE-2021-44215
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact...
Code injection
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact...
Code injection
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...
CVE-2021-44216
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...