Lucene search
+L

7 matches found

Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.30 views

Amazon Linux AMI : lynis (ALAS-2020-1419)

The version of lynis installed on the remote host is prior to 3.0.0-1.17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1419 advisory. In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is...

4.2CVSS5.6AI score0.00365EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/07/03 12:0 a.m.23 views

Fedora: Security Advisory for lynis (FEDORA-2020-f251753b0f)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/07/01 12:0 a.m.30 views

Fedora 31 : lynis (2020-059e1591d6)

Update to 3.0.0 rhbz 1848716, Fixes CVE-2020-13882 / CVE-2019-13033 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

4.2CVSS5.5AI score0.00365EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/07/01 12:0 a.m.32 views

Fedora 32 : lynis (2020-f251753b0f)

Update to 3.0.0 rhbz 1848716, fixes CVE-2020-13882 / CVE-2019-13033 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

4.2CVSS5.5AI score0.00365EPSS
Exploits0References3
NVD
NVD
added 2020/06/18 6:15 p.m.17 views

CVE-2020-13882

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

4.2CVSS0.00256EPSS
Exploits0References4
CVE
CVE
added 2020/06/18 5:35 p.m.88 views

CVE-2020-13882

CVE-2020-13882 affects CISOfy Lynis prior to 3.0.0, where an incorrect access control due to a TOCTOU race in log/report permission checks can be bypassed locally. An unprivileged attacker could set up a log/report file, manipulate it during the check, then recreate/remove it for follow-on attack...

4.2CVSS4.1AI score0.00256EPSS
Exploits0References4Affected Software1
FreeBSD
FreeBSD
added 2020/06/18 12:0 a.m.32 views

Several issues in Lynis

lynis update: This release resolves two security issues CVE-2020-13882 - Discovered by Sander Bos, code submission by Katarina Durechova CVE-2019-13033 - Discovered by Sander Bos...

4.2CVSS2.1AI score0.00365EPSS
Exploits0References1
Rows per page
Query Builder