2198 matches found
openSUSE Security Update : postgresql96 (openSUSE-2018-203)
This update for postgresql96 to version 9.6.7 fixes the following issues : - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) A full changelog is available here : https://www.postgresql.org/docs/9.6/static/release-9-6-7.html This update was...
pulp: Leakage of CA key in pulp-qpid-ssl-cfg
It was found that the private CA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file...
PostgreSQL vulnerabilities
The PostgreSQL project reports: CVE-2018-1052: Fix the processing of partition keys containing multiple expressions only for PostgreSQL-10.x CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are non-world-readable...
World Readable Data
tripleo-heat-templates contains a world readable data vulnerability. The library does not set the proper permissions during the creation of the ceph.client.openstack.keyring, allowing a local user to access the keyring to read or modify data. This vulnerability only affects setups with openstack...
EAP-7: Wrong privileges on multiple property files
It was found that properties-based files of the management and the application realm configuration that contain user-to-role mapping are world readable, allowing access to users and roles information to all the users logged in to the system...
Information Disclosure Through Insecure Defaults
github.com/heketi/heketi is vulnerable to information disclosure through insecure defaults. The application by default sets the /etc/heketi/heketi.json as world readable, allowing a malicious user to access sensitive information contained in it such as passwords...
Heketi Information Disclosure Vulnerability
Heketi is a REST-based GlusterFS management framework that provides a RESTful management interface that can be used to manage the lifecycle of GlusterFS. An information disclosure vulnerability exists in Heketi version 5, which stems from a program that sets the heketi.json configuration file to ...
Design/Logic Flaw
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file...
CVE-2017-15104
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file...
heketi: Information disclosure through world readable file
An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file...
CVE-2017-15104
An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file...
PT-2017-13872 · Red Hat · Heketi
Name of the Vulnerable Software and Affected Versions: Heketi version 5 Description: A security issue was discovered where the heketi.json configuration file is world readable, allowing an attacker with local access to the Heketi server to read plain-text passwords from the file. This issue expos...
Information Disclosure
puppet is vulnerable to information disclosure through world-readable files. The vulnerability occurs during the first run of puppet cert generate without a Certificate Authority (CA) set up. Under such conditions, puppet generates a world-readable cakey with 0644 permission, when it should have...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...