EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could...
SUSE-SU-2019:1166-1 Security update for audit
This update for audit fixes the following issues: Audit on SUSE Linux Enterprise 12 SP3 was updated to 2.8.1 to bring new features and bugfixes (bsc#1125535, FATE#326346). Many features were added to auparse_normalize; a CLI option was added to auditd and audispd for setting the config dir. In auditd, restore the...
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...
CVE-2019-6158
The CVE-2019-6158 case affects Lenovo XClarity Administrator (LXCA). Concrete details in the connected sources show that HTTP proxy credentials were written to a log file in clear text, impacting LXCA versions 2.0.0 to 2.3.x when proxy credentials are configured. The practical impact is informati...
XClarity Administrator (LXCA) Service Data May Include Proxy Credentials - Lenovo Support US
No description provided...
Improper Access Control
Oracle MySQL is vulnerable to improper access control. MySQL init script mishandles initialization of the database data directory and permission setting on the error log file allowing local attackers to escalate their privileges to root or cause a system crash...
DEBIAN-CVE-2019-11675
The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...
IBM Jazz Reporting Service Information Disclosure Vulnerability (CNVD-2019-14395)
IBM Jazz Reporting Service (JRS) is a suite of applications from IBM (USA) for discovering cross-project reports. The program can be used in integration with IBM RationalCLM's Rational solution for managing all lifecycles of development projects. CLM users can access the reports provided by JRS in a...
CVE-2019-9734
Aquarius CMS through 4.3.5 writes POST and GET parameters including passwords to a log file due to an overwriting of configuration parameters under certain circumstances...
Design/Logic Flaw
Aquarius CMS through 4.3.5 writes POST and GET parameters including passwords to a log file due to an overwriting of configuration parameters under certain circumstances...
Information disclosure
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component...
CVE-2019-9724
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component...
'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy
The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted...
Multiple Lenovo Products Information Disclosure Vulnerability
The Lenovo Flex System x240 M4, among others, is a server from the Chinese company Lenovo. A security vulnerability exists in a number of Lenovo products, which stems from FFDC recording the private key of a web server in a log file. An attacker could exploit the vulnerability to disclose...
IMM2 FFDC includes Private Key - US
Lenovo Security Advisory: LEN-25667; Potential Impact: Information disclosure; Severity: Medium; Scope of Impact: Lenovo-specific; CVE Identifier: CVE-2019-6157. Summary Description: In Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server'...
CVE-2019-8455
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file...
BSA-2019-783
Security Advisory ID: BSA-2019-783; Component: VPN; Revision: 1.0: Final. Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files...
CVE-2019-3891
It was discovered that a world-readable log file belonging to the Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching...