69 matches found
CVE-2017-7237
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ aka Write reque...
Design/Logic Flaw
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as...
CVE-2015-2263
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as...
Ubuntu: Security Advisory (USN-3102-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3102-1: Quagga vulnerabilities
It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. CVE-2016-4049 It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A...
The vulnerability of the Debian GNU/Linux operating system allows a perpetrator to read arbitrary files in the configuration directory.
The vulnerability in the xymond component of the Debian GNU/Linux operating system is related to the lack of protection for configuration data. Exploiting this vulnerability allows a malicious actor to read arbitrary files from the configuration directory using the “config” command...
CVE-2016-2055
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...
Command injection
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...
CVE-2016-2055
CVE-2016-2055 affects Xymon (formerly Hobbit) 4.1.x–4.3.x prior to 4.3.25. The vulnerability arises from improper handling of user-supplied input in the config command, allowing remote attackers to read arbitrary files in the configuration directory (information disclosure). Multiple connected so...
CVE-2016-2055
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...
SUSE-SU-2016:0954-1 Security update for quagga
This update for quagga fixes one security issue: - bsc770619: Disallow unprivileged users to enter config directory /etc/quagga group: quagga, mode: 750 and read configuration files installed there group: quagga, mode: 640...
[SECURITY] Fedora 20 Update: mediawiki-1.23.9-1.fc20
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
[SECURITY] Fedora 20 Update: mediawiki-1.23.2-1.fc20
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
[SECURITY] Fedora 20 Update: mediawiki-1.21.10-1.fc20
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
SuSE Update for percona-toolkit,xtrabackup openSUSE-SU-2014:0333-1 (percona-toolkit,xtrabackup)
Check for the Version of percona-toolkit,xtrabackup OpenVAS Vulnerability Test $Id: gbsuse201403331.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for percona-toolkit,xtrabackup openSUSE-SU-2014:0333-1 percona-toolkit,xtrabackup Authors: System Generated Check Copyright: Copyright C 2014...
percona-toolkit,xtrabackup: disable remote version check (important)
percona-toolkit and xtrabackup were updated: - disable automatic version check for all tools bnc864194 Prevents transmission of version information to an external host in the default configuration. CVE-2014-2029 Can be used by owner of a Percona Server or an attacker who can control this...
[SECURITY] Fedora 19 Update: mediawiki-1.20.4-1.fc19
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki i nstance...
Moderate: Red Hat Security Advisory: rsyslog security, bug fix, and enhancement update
Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...
XSS in setup.
PMASA-2011-19 Announcement-ID: PMASA-2011-19 Date: 2011-12-21 Summary XSS in setup. Description Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Severity We consider this...
MDVA-2009:114 : logcheck
The logcheck package shipped in mandriva 2009.1 had two issues, preventing it to run properly: - its configuration directory /etc/logcheck is not readable with the identity used for running logcheck - it uses run-parts utility with unsupported --list option %NASLMINLEVEL 70300 @DEPRECATED@ This...