UBUNTU-CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

[oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure

Good morning, http://seclists.org/fulldisclosure/2014/Jun/21 reports two temporary file issues. The first is in PHP's configure script: char filename = "/tmp/phpglibccheck"; Red Hat bug: https://bugzilla.redhat.com/showbug.cgi?id=1104978 The second issue is Lynis writing a predictable file to...

[oss-security] Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 39 if "$OS" = "AIX" ; then 40 TMPFILE=/tmp/lynis.$$ We can make a CVE assignment corresponding to your disclosure of this lynis.$$ issue on oss-security. Use CVE-2014-3982. A CVE for this most likely won't or shouldn't have a...