
2193 matches found

OSV
added 2020/05/13 6:15 p.m. · 9 views

CVE-2020-12831

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...

CVSS 5.3 · AI score 5
Exploits 0 · References 2
Positive Technologies
added 2020/05/13 12:0 a.m. · 4 views

PT-2020-13279 · Frrouting +4 · Frrouting Frr +4

Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions through 7.3.1 Description: An issue was discovered in FRRouting FRR when using the split-config feature. The init script creates an empty config file with world-readable default permissions, leading to a possible...

CVSS 5.3 · AI score 6.5 · EPSS 0.00277
Exploits 1 · References 19
OSV
added 2020/05/07 1:15 p.m. · 2 views

CVE-2020-5895

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...

CVSS 7.8 · AI score 5.9 · EPSS 0.00062
Exploits 0 · References 2
IBM Security Bulletins
added 2020/05/06 11:57 a.m. · 53 views

Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System

Summary Multiple vulnerabilities have been identified in python 2.6.4 used in OS Image for AIX Systems and OS Image for RedHat Enterprise Linux Systems shipped with IBM Cloud Pak System. OS Image for AIX for IBM Cloud Pak System has addressed vulnerabilities. OS Image for RedHat Enterprise Linux...

CVSS 7.5 · AI score 0.7 · EPSS 0.33997
Exploits 24 · Affected Software 1
OSV
added 2020/05/04 10:15 a.m. · 2 views

CVE-2020-1631

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform local file inclusion LFI or path traversal. Using this vulnerability...

CVSS 9.8 · AI score 7.2 · EPSS 0.05398
Exploits 0 · References 2
CNVD
added 2020/04/30 12:0 a.m. · 2 views

Grafana Information Disclosure Vulnerability (CNVD-2020-27229)

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. An information disclosure vulnerability exists in Grafana 6.7.3 and earlier versions,...

CVSS 5.5 · AI score 7.9 · EPSS 0.0007
Exploits 1
NVD
added 2020/04/29 4:15 p.m. · 24 views

CVE-2020-12459

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml which contain a secretkey and a bindpassword are world readable...

CVSS 5.5 · AI score 5.9 · EPSS 0.00088
Exploits 0 · References 7
NVD
added 2020/04/29 4:15 p.m. · 21 views

CVE-2020-12458

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information e.g., cleartext or encrypted datasource passwords...

CVSS 5.5 · AI score 5.3 · EPSS 0.0007
Exploits 1 · References 6
OSV
added 2020/04/29 4:15 p.m. · 18 views

CVE-2020-12459

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml which contain a secretkey and a bindpassword are world readable...

CVSS 5.5 · AI score 6.7 · EPSS 0.00088
Exploits 0 · References 7
Prion
added 2020/04/29 4:15 p.m. · 22 views

Information disclosure

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information e.g., cleartext or encrypted datasource passwords...

CVSS 2.1 · AI score 5.3 · EPSS 0.0007
Exploits 1 · References 6 · Affected Software 4
UbuntuCve
added 2020/04/29 4:15 p.m. · 27 views

CVE-2020-12458

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information e.g., cleartext or encrypted datasource passwords...

CVSS 5.5 · AI score 6.7 · EPSS 0.0007
Exploits 1 · References 3
RedHat Linux
added 2020/04/16 10:6 a.m. · 1 views

Mozilla: Use-after-free when handling a ReadableStream

A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream causing a use-after-free memory issue. The highest threat from this vulnerability are to data confidentiality and integrity as well as system availability...

CVSS 8.1 · AI score 7.2 · EPSS 0.0313
Exploits 0 · References 6
Veracode
added 2020/04/10 1:9 a.m. · 19 views

Information Disclosure

kexec-tools is vulnerable to information disclosure. mkdumprd included unneeded sensitive files such as all files from the "/root/.ssh/" directory and the host's private SSH keys in the resulting initrd. This could lead to an information leak when initrd files were previously created with...

CVSS 5.7 · AI score 0.4 · EPSS 0.00168
Exploits 1 · References 6 · Affected Software 1
Veracode
added 2020/04/10 1:1 a.m. · 36 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as /proc/PID/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to...

CVSS 2.1 · AI score 3 · EPSS 0.00076
Exploits 1 · References 10 · Affected Software 2
BDU FSTEC
added 2020/04/10 12:0 a.m. · 1 views

The vulnerability of the ReadableStream component in Firefox ESR and Firefox web browsers, as well as in the Thunderbird email client, relates to the reallocation of memory areas. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ReadableStream component in Firefox ESR and Firefox web browsers, as well as in the Thunderbird email client, is related to the reallocation of memory areas. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity,...

CVSS 6.8 · AI score 7.5 · EPSS 0.0313
Exploits 0 · References 17 · Affected Software 7
Cvelist
added 2020/04/08 7:25 p.m. · 11 views

CVE-2020-1620 Junos OS Evolved: Configd leaks hashes via log file and is world readable

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1...

CVSS 5.5 · AI score 5.4 · EPSS 0.00129
Exploits 0 · References 1
RedHat Linux
added 2020/04/07 9:4 a.m. · 4 views

Mozilla: Use-after-free when handling a ReadableStream

A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream causing a use-after-free memory issue. The highest threat from this vulnerability are to data confidentiality and integrity as well as system availability...

CVSS 8.1 · AI score 7.2 · EPSS 0.0313
Exploits 0 · References 6
RedHat Linux
added 2020/04/07 8:53 a.m. · 1 views

Mozilla: Use-after-free when handling a ReadableStream

A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream causing a use-after-free memory issue. The highest threat from this vulnerability are to data confidentiality and integrity as well as system availability...

CVSS 8.1 · AI score 7.2 · EPSS 0.0313
Exploits 0 · References 6
OSV
added 2020/03/19 6:15 p.m. · 2 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...

CVSS 8.8 · AI score 7.3 · EPSS 0.00226
Exploits 1 · References 1
NVD
added 2020/03/19 6:15 p.m. · 17 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...

CVSS 8.8 · AI score 8.5 · EPSS 0.00226
Exploits 1 · References 1