CVE-2026-24414 Icinga for Windows certificate can have too-open permissions

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...

CVE-2026-24414 Icinga for Windows certificate can have too-open permissions

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...

CVE-2026-24414

The CVE-2026-24414 entry concerns the Icinga PowerShell Framework: prior to versions 1.13.4, 1.12.4, and 1.11.2, the certificate directory permissions grant read access to all users, exposing the host’s Icinga private key. A fix exists in those specific patch versions, and upgrading Icinga for Wi...

CVE-2026-24414 Icinga for Windows certificate can have too-open permissions

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...

Fedora 43 : NetworkManager-l2tp (2026-4ba84b1f69)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4ba84b1f69 advisory. Updated to 1.52.0 release CVE-2025-9615 Verify file permissions for private connections to prevent unprivileged user from using other user's certs...

EUVD-2016-5952

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-17490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. CVE-2020-17490 Note that Nessus relies on the presence of the...

USN-6948-1 salt vulnerabilities

It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. CVE-2020-16846 It was discovered that Salt incorrectly created certificates with weak file permissions. CVE-2020-17490 It was discovered that Salt...

SUSE CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

UBUNTU-CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

Pulp Private Key Read Vulnerability

Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. A private key read vulnerability exists in Pulp that stems from the program allowing the creation of certificates and private keys using 644...

Candlepin: bootstrap RPM deploys CA certificate file with mode 666

modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions 666 for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file...