4561 matches found

Tenable Nessus
added 2019/08/27 12:0 a.m. | 16 views

Scientific Linux Security Update : keycloak-httpd-client-install on SL7.x x86_64 (20190806)

Security Fixes: - keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111) - keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line (CVE-2017-15112) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linu...

7.8 CVSS | 6.3 AI score | 0.00394 EPSS
Exploits 0 | References 3
OSV
added 2019/08/21 8:15 p.m. | 1 view

CVE-2019-6177

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to...

9.8 CVSS | 7.1 AI score
Exploits 0 | References 1
Oracle linux
added 2019/08/13 12:0 a.m. | 17 views

keycloak-httpd-client-install security, bug fix, and enhancement update

0.8-1 - Resolves: rhbz1673716 - Rebase k-h-c-i to version 0.8 - The rebase also includes fixes for: - rhbz1533190 - CVE-2017-15111 keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py - rhbz1533202 - CVE-2017-15112 keycloak-httpd-client-install: unsafe use of...

7.8 CVSS | 2.7 AI score | 0.00394 EPSS
Exploits 0
RedHat Linux
added 2019/08/12 11:53 a.m. | 1 view

undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange...

9.8 CVSS | 5.8 AI score | 0.03412 EPSS
Exploits 0 | References 4
CNVD
added 2019/08/12 12:0 a.m. | 3 views

F5 Container Ingress Services Log Message Disclosure Vulnerability

F5 Container Ingress Services is a product from F5 USA that provides application services for container deployments. The product focuses on providing Ingress control of HTTP routing, load balancing and application delivery. An information disclosure vulnerability exists in version...

4.4 CVSS | 6.3 AI score | 0.00345 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2019/08/12 12:0 a.m. | 24 views

RHEL 7 : keycloak-httpd-client-install (RHSA-2019:2137)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2137 advisory. The keycloak-httpd-client-install packages provide various libraries and tools that can automate and simplify the configuration of Apache...

7.8 CVSS | 6.5 AI score | 0.00394 EPSS
Exploits 0 | References 9
OSV
added 2019/08/08 8:15 a.m. | 2 views

CVE-2019-1973

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

4.8 CVSS | 6 AI score
Exploits 0 | References 1
NVD
added 2019/08/08 8:15 a.m. | 33 views

CVE-2019-1973

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

4.8 CVSS | 5 AI score | 0.00804 EPSS
Exploits 0 | References 1
Prion
added 2019/08/08 8:15 a.m. | 10 views

Cross site scripting

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

3.5 CVSS | 4.9 AI score | 0.00804 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/08/08 7:40 a.m. | 21 views

CVE-2019-1973 Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

4.8 CVSS | 5 AI score | 0.00804 EPSS
Exploits 0 | References 1
Veracode
added 2019/08/08 12:7 a.m. | 15 views

Unauthorized File Overwrite

keycloak-httpd-client-install is vulnerable to unauthorized file overwrite. Unsafe creation of log file in /tmp via the --log-file option in keycloak_cli.py allows local attackers to overwrite other files via symbolic link...

5.5 CVSS | 4.7 AI score | 0.00394 EPSS
Exploits 0 | References 5 | Affected Software 1
CNVD
added 2019/08/08 12:0 a.m. | 2 views

Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A cross-site scripting vulnerability exists in the Web portal framework of...

4.8 CVSS | 6.3 AI score | 0.00804 EPSS
Exploits 0 | References 1
Cisco
added 2019/08/07 4:0 p.m. | 62 views

Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

4.8 CVSS | 1.3 AI score | 0.00804 EPSS
Exploits 0 | References 1
RedHat Linux
added 2019/08/06 1:57 p.m. | 2 views

libcgroup: cgrulesengd creates log files with insecure permissions

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...

8.1 CVSS | 7.3 AI score | 0.02316 EPSS
Exploits 0 | References 4
RedHat Linux
added 2019/08/06 12:21 p.m. | 2 views

keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py

It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service...

5.5 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits 0 | References 4
CNVD
added 2019/08/05 12:0 a.m. | 4 views

cPanel Information Disclosure Vulnerability (CNVD-2019-29721)

cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 57.9999.54. An attacker can exploit the vulnerability to read user lo...

6.5 CVSS | 6.7 AI score | 0.01095 EPSS
Exploits 0 | References 1
Positive Technologies
added 2019/08/05 12:0 a.m. | 4 views

PT-2019-17014 · Ibm · Ibm Cloud Private

Name of the Vulnerable Software and Affected Versions: IBM Cloud Private versions 2.1.0, 3.1.0, 3.1.1, 3.1.2. Description: A local privileged user could obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. Recommendations: For IBM...

4.4 CVSS | 4.4 AI score | 0.0035 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2019/08/05 12:0 a.m. | 46 views

McAfee DLPe Agent < 11.1.200 / 11.2.x Multiple Vulnerabilities (SB10289) (SB10290)

The version of the McAfee Data Loss Prevention Endpoint (DLPe) Agent installed on the remote Windows host is prior to 11.1.200 or 11.2.x. It is, therefore, affected by multiple vulnerabilities: - Stored XSS in the ePO extension UI. (CVE-2019-3591) - Authenticated command injection in the ePO extensio...

8.2 CVSS | 6.2 AI score | 0.00825 EPSS
Exploits 0 | References 6
OSV
added 2019/08/02 4:15 p.m. | 2 views

CVE-2017-18427

In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289)...

3.3 CVSS | 5.8 AI score | 0.00362 EPSS
Exploits 0 | References 1
NVD
added 2019/08/02 4:15 p.m. | 20 views

CVE-2017-18427

In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289)...

3.3 CVSS | 4.1 AI score | 0.00362 EPSS
Exploits 0 | References 1