224 matches found
PT-2023-29650
Name of the Vulnerable Software and Affected Versions CFEngine Enterprise versions 3.6.0 through 3.18.5 CFEngine Enterprise versions 3.21.0 through 3.21.2 Description The issue is a SQL Injection vulnerability in the Mission Portal login page of the CFEngine hub. This vulnerability allows for SQL...
CVE-2023-45684
The CVE-2023-45684 issue affects Northern.tech CFEngine Enterprise, specifically the Mission Portal login page. A SQL Injection vulnerability exists in CFEngine Hub’s Mission Portal, with earliest affected version 3.6.0 and a broad range up to 3.18.5 (for the 3.6.0–3.18.5 line) and 3.21.0–3.21.2 ...
CVE-2023-45684
Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...
SUSE SLES12 Security Update : cfengine, cfengine-masterfiles (SUSE-SU-2023:2126-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2126-1 advisory. - Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have a...
SUSE-SU-2023:2126-1 Security update for cfengine, cfengine-masterfiles
This update for cfengine, cfengine-masterfiles fixes the following issues: Changes in cfengine: - cfengine3.target: removed, replaced by upstream cfengine3.service - In version 3.15.0, cfengine core split off libutils and libcompat directories as libntech. We include both together as we do not us...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
Design/Logic Flaw
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
Northern.tech CFEngine 安全漏洞
Northern.tech CFEngine is an IT infrastructure configuration management and automation framework. A security vulnerability exists in Northern.tech CFEngine Enterprise versions prior to 3.21.1. An attacker can exploit this vulnerability to read arbitrary files and obtain sensitive information from...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 is affected. A subset of authenticated users can abuse the Scheduled Reports feature to read arbitrary files and potentially discover credentials, impacting confidentiality. The issue is acknowledged across multiple sources; remediation available vi...
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials...
SUSE CVE-2005-2960
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137...
SUSE CVE-2019-9929
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions...
SUSE CVE-2021-36756
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation...
SUSE CVE-2021-38379
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure...
SUSE CVE-2021-44216
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...
SUSE CVE-2021-44215
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact...
CVE-2021-44216
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...
CVE-2021-44216
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files...