107 matches found
openSUSE Security Update : shadow (openSUSE-2019-721)
This update for shadow fixes the following security issue : - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-15:Update update project.
Linux: Disable account when password expires
A user without activity can be locked after a specific period of time. When creating a new user with...
SUSE SLED15 / SLES15 Security Update : shadow (SUSE-SU-2018:2834-1)
This update for shadow fixes the following security issue : Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...
The vulnerability of the useradd function in the SUSE shadow account management tool allows a hacker to escalate their privileges.
The vulnerability of the useradd function useradd.c in the SUSE shadow account management tool is related to access control errors. Exploiting this vulnerability can allow an attacker to increase their privileges...
Cross site request forgery (csrf)
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account...
CVE-2018-19557
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images...
CVE-2018-19561
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account...
sikcms Cross-Site Request Forgery Vulnerability
sikcms Cisco CMS is a backend content management system. A cross-site request forgery vulnerability exists in sikcms version 1.1. A remote attacker can add an administrator account with the help of the /sikcms/admin.php?m=Admin&c=Users&a=userAdd URL...
Micro Focus SUSE shadow package elevation of privilege vulnerability
The Micro Focus SUSE shadow package is an encryption-enabled software package for use on Linux systems from Micro Focus, a British company. A security vulnerability exists in the SUSE useradd.c code for useradd in the Micro Focus SUSE shadow package. A local attacker could exploit the vulnerabili...
openSUSE Security Update : shadow (openSUSE-2018-1055)
This update for shadow fixes the following security issue : - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-12-SP2:Update update project.
CVE-2018-16588
CVE-2018-16588 affects the SUSE shadow package’s useradd.c code. Local attackers could exploit it by triggering creation of non-existing intermediate directories with world-writable mode 0777 during user creation, enabling privilege escalation. The impact is local, with high secrecy/ integrity/ a...
Security update for shadow (moderate)
This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-12-SP2:Update update project...
Security update for shadow (moderate)
This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2018:2835-1 Security update for shadow
This update for shadow fixes the following security issue: - Prevent useradd from creating intermediate directories with mode 0777 bsc1106914...
SUSE-SU-2018:2834-1 Security update for shadow
This update for shadow fixes the following security issue: - Prevent useradd from creating intermediate directories with mode 0777 bsc1106914...
GHSA-PCM6-G2QP-9GW8 Cap-Strap gem for Ruby places credentials on the useradd command line
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process...
Cap-Strap gem for Ruby places credentials on the useradd command line
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process...
CVE-2014-4992
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process...
CVE-2014-4992
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process...
CVE-2014-4992
The CVE-2014-4992 issue affects the Cap-Strap gem for Ruby (version 0.1.5). The underlying flaw is that lib/cap-strap/helpers.rb places credentials on the useradd command line, making them observable in the process list by local users. This yields a local plaintext credential disclosure vulnerabi...