2197 matches found

Prion
added 2020/09/24 9:15 p.m. | 11 views

Design/Logic Flaw

Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is...

CVSS 7.2 | AI score 7.6 | EPSS 0.00515
Exploits 1 | References 2 | Affected Software 1

OSV
added 2020/09/15 2:15 p.m. | 3 views

CVE-2020-4344

IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247...

CVSS 3.3 | AI score 5.8 | EPSS 0.00324
Exploits 0 | References 2

RedHat Linux
added 2020/09/01 7:32 p.m. | 10 views

ansible: atomic_move primitive sets permissive permissions

A flaw was found in Ansible Engine when a file is moved using the atomic_move primitive, as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions...

CVSS 3.3 | AI score 7.1 | EPSS 0.00401
Exploits 1 | References 4

OSV
added 2020/08/27 1:15 p.m. | 2 views

CVE-2020-4171

IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407...

CVSS 4.3 | AI score 6 | EPSS 0.01003
Exploits 0 | References 2

OSV
added 2020/08/26 8:15 p.m. | 2 views

CVE-2019-4695

IBM Security Guardium Data Encryption GDE 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926...

CVSS 3.3 | AI score 6.1 | EPSS 0.00205
Exploits 0 | References 2

Hacker One
added 2020/08/19 11:27 p.m. | 27 views

Solana BBP: Buffer can be readable through Debug on metrics.solana.com

Summary: Buffer memory can be readable due to debug mode enabled in one of the sub-domains. Steps To Reproduce: 1. Open https://metrics.solana.com:8086/debug/pprof/goroutine?debug=1 2. Here you can also brute force the endpoint. Supporting Material/References: F955888 Impact: Buffer over-reads can...

AI score 0.3
Exploits 0

OSV
added 2020/08/18 5:41 p.m. | 4 views

MGASA-2020-0326 Updated targetcli packages fix security vulnerability

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...

CVSS 5.5 | AI score 5.2 | EPSS 0.00335
Exploits 0 | References 3

Mageia
added 2020/08/18 5:41 p.m. | 33 views

Updated targetcli packages fix security vulnerability

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...

CVSS 5.5 | AI score 3.2 | EPSS 0.00335
Exploits 0 | References 2

OSV
added 2020/07/27 2:15 p.m. | 1 views

CVE-2020-4405

IBM Verify Gateway IVG 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484...

CVSS 4.3 | AI score 5.7
Exploits 0 | References 2

NVD
added 2020/07/27 2:15 p.m. | 11 views

CVE-2020-4405

IBM Verify Gateway IVG 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484...

CVSS 4.3 | AI score 3.7 | EPSS 0.00922
Exploits 0 | References 2

Prion
added 2020/07/27 2:15 p.m. | 9 views

Design/Logic Flaw

IBM Verify Gateway IVG 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484...

CVSS 4 | AI score 4.2 | EPSS 0.00922
Exploits 0 | References 2 | Affected Software 1

Kitploit
added 2020/07/07 12:30 p.m. | 75 views

Airshare - Cross-platform Content Sharing In A Local Network

Airshare is a Python-based CLI tool and module that lets you transfer data between two machines in a local network, P2P, using Multicast-DNS. It also opens an HTTP gateway for other non-CLI external interfaces. It works completely offline! Built with aiohttp and zeroconf. Checkout the demo...

AI score 7.3
Exploits 0 | References 3

GithubExploit
added 2020/07/06 5:11 a.m. | 75 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

cve-2020-5902 cve-2020-5902 POC exploit bash POC CVE-2020-...

CVSS 10 | AI score 8 | EPSS 0.99999
Exploits 59

OSV
added 2020/06/29 4:15 p.m. | 2 views

CVE-2020-15324

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmppconfig.py file that stores hardcoded credentials...

CVSS 9.8 | AI score 7.3 | EPSS 0.0124
Exploits 1 | References 2

NVD
added 2020/06/29 4:15 p.m. | 7 views

CVE-2020-15324

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmppconfig.py file that stores hardcoded credentials...

CVSS 9.8 | EPSS 0.0124
Exploits 1 | References 2

Prion
added 2020/06/29 4:15 p.m. | 13 views

Hardcoded credentials

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmppconfig.py file that stores hardcoded credentials...

CVSS 7.5 | AI score 9.4 | EPSS 0.0124
Exploits 1 | References 2 | Affected Software 1

OSV
added 2020/06/18 1:15 p.m. | 3 views

CVE-2020-10782

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such as tokens and other secrets, could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is t...

CVSS 6.5 | AI score 5.7 | EPSS 0.00294
Exploits 0 | References 1

OpenVAS
added 2020/06/18 12:0 a.m. | 14 views

GaussDB: Restricting the Permission for the SSL Private Key

If SSL is used, you need to configure the SSL certificate on the database server. You are advised to set the permission for the private key file to owner-readable-only. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

AI score 7.2
Exploits 0 | References 1

Veracode
added 2020/06/08 9:22 a.m. | 15 views

Information Disclosure

apollo-server-cloudflare is vulnerable to information leakage. Lack of validation rules enforcement during the subscription server creation with NoInstrospection rule for websockets exposes GraphQL schema types, their relations, human-readable names and many More information on the references...

AI score 1.1
Exploits 0

Node.js
added 2020/06/05 7:51 p.m. | 17 views

Information Exposure

Overview Versions of apollo-server-hapi prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their relations...

AI score 6.7
Exploits 0 | Affected Software 1