EUVD-2020-6090

Malware in sbrugna...

EUVD-2019-4601

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-13882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not...

Linux Distros Unpatched Vulnerability : CVE-2019-13033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be use...

SUSE CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

CVE-2020-13882

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

Amazon Linux AMI : lynis (ALAS-2020-1419)

The version of lynis installed on the remote host is prior to 3.0.0-1.17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1419 advisory. In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is...

Medium: lynis

Issue Overview: In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be...

CISOfy Lynis Competitive Conditions Issue Vulnerability

CISOfy Lynis is a system security auditing tool from CISOfy Netherlands that supports multiple platforms. A Competing Conditions Issue vulnerability exists in CISOfy Lynis versions prior to 3.0.0. An attacker could exploit the vulnerability to bypass symbolic link checks and manipulate data in lo...

CISOfy Lynis Information Disclosure Vulnerability

CISOfy Lynis is a system security auditing tool from CISOfy Netherlands that supports multiple platforms. A security vulnerability exists in CISOfy Lynis versions 2.x through 2.7.5. The vulnerability can be exploited by an attacker to obtain a license key by observing a list of processes...

CVE-2020-13882

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

CVE-2020-13882

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

Design/Logic Flaw

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

CVE-2020-13882

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

Race condition

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

UBUNTU-CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...