Lucene search
K

69 matches found

Cvelist
Cvelist
added 2017/04/06 3:0 p.m.25 views

CVE-2017-7237

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ aka Write reque...

9.5AI score0.06724EPSS
Exploits5References3
Prion
Prion
added 2017/03/23 8:59 p.m.12 views

Design/Logic Flaw

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as...

2.1CVSS6.3AI score0.00279EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/03/23 8:0 p.m.19 views

CVE-2015-2263

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as...

3.5AI score0.00279EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/10/14 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-3102-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.04642EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2016/10/13 12:41 p.m.56 views

USN-3102-1: Quagga vulnerabilities

It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. CVE-2016-4049 It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A...

7.5CVSS6.7AI score0.04642EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/05/05 12:0 a.m.5 views

The vulnerability of the Debian GNU/Linux operating system allows a perpetrator to read arbitrary files in the configuration directory.

The vulnerability in the xymond component of the Debian GNU/Linux operating system is related to the lack of protection for configuration data. Exploiting this vulnerability allows a malicious actor to read arbitrary files from the configuration directory using the “config” command...

5CVSS7.5AI score0.17852EPSS
Exploits3References8Affected Software3
UbuntuCve
UbuntuCve
added 2016/04/13 4:59 p.m.25 views

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...

7.5CVSS7.3AI score0.17852EPSS
Exploits3References2
Prion
Prion
added 2016/04/13 4:59 p.m.19 views

Command injection

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...

5CVSS7AI score0.17852EPSS
Exploits3References4Affected Software2
CVE
CVE
added 2016/04/13 4:0 p.m.69 views

CVE-2016-2055

CVE-2016-2055 affects Xymon (formerly Hobbit) 4.1.x–4.3.x prior to 4.3.25. The vulnerability arises from improper handling of user-supplied input in the config command, allowing remote attackers to read arbitrary files in the configuration directory (information disclosure). Multiple connected so...

7.5CVSS8.2AI score0.17852EPSS
Exploits3References4Affected Software1
Debian CVE
Debian CVE
added 2016/04/13 4:0 p.m.25 views

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...

7.5CVSS5.7AI score0.17852EPSS
Exploits3
OSV
OSV
added 2016/04/05 10:26 a.m.3 views

SUSE-SU-2016:0954-1 Security update for quagga

This update for quagga fixes one security issue: - bsc770619: Disallow unprivileged users to enter config directory /etc/quagga group: quagga, mode: 750 and read configuration files installed there group: quagga, mode: 640...

7.1AI score
Exploits0References2
Fedora
Fedora
added 2015/04/18 9:37 a.m.36 views

[SECURITY] Fedora 20 Update: mediawiki-1.23.9-1.fc20

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...

7.5CVSS3.2AI score0.42777EPSS
Exploits12
Fedora
Fedora
added 2014/08/27 1:34 a.m.48 views

[SECURITY] Fedora 20 Update: mediawiki-1.23.2-1.fc20

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...

7.5CVSS3.2AI score0.42777EPSS
Exploits15
Fedora
Fedora
added 2014/06/10 3:2 a.m.34 views

[SECURITY] Fedora 20 Update: mediawiki-1.21.10-1.fc20

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...

7.5CVSS3.2AI score0.42777EPSS
Exploits12
OpenVAS
OpenVAS
added 2014/03/12 12:0 a.m.20 views

SuSE Update for percona-toolkit,xtrabackup openSUSE-SU-2014:0333-1 (percona-toolkit,xtrabackup)

Check for the Version of percona-toolkit,xtrabackup OpenVAS Vulnerability Test $Id: gbsuse201403331.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for percona-toolkit,xtrabackup openSUSE-SU-2014:0333-1 percona-toolkit,xtrabackup Authors: System Generated Check Copyright: Copyright C 2014...

6.8CVSS0.01964EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2014/03/06 10:4 a.m.25 views

percona-toolkit,xtrabackup: disable remote version check (important)

percona-toolkit and xtrabackup were updated: - disable automatic version check for all tools bnc864194 Prevents transmission of version information to an external host in the default configuration. CVE-2014-2029 Can be used by owner of a Percona Server or an attacker who can control this...

5.5CVSS3.6AI score0.01964EPSS
Exploits0References1
Fedora
Fedora
added 2013/04/25 2:4 p.m.13 views

[SECURITY] Fedora 19 Update: mediawiki-1.20.4-1.fc19

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki i nstance...

3.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2012/06/19 3:22 p.m.39 views

Moderate: Red Hat Security Advisory: rsyslog security, bug fix, and enhancement update

Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

2.1CVSS6.3AI score0.0042EPSS
Exploits0References8
phpMyAdmin
phpMyAdmin
added 2011/12/21 12:0 a.m.34 views

XSS in setup.

PMASA-2011-19 Announcement-ID: PMASA-2011-19 Date: 2011-12-21 Summary XSS in setup. Description Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Severity We consider this...

4.3CVSS7.2AI score0.01297EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/07/30 12:0 a.m.12 views

MDVA-2009:114 : logcheck

The logcheck package shipped in mandriva 2009.1 had two issues, preventing it to run properly: - its configuration directory /etc/logcheck is not readable with the identity used for running logcheck - it uses run-parts utility with unsupported --list option %NASLMINLEVEL 70300 @DEPRECATED@ This...

6.9AI score
Exploits0References1
Rows per page
Query Builder