Default credentials

Red Hat QuickStart Cloud Installer QCI uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...

CVE-2016-6322

Red Hat QuickStart Cloud Installer QCI uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...

Updated redis packages fix security vulnerability

It was discovered that redis did not properly protect redis-cli history files; they were created by default with world-readable permissions CVE-2013-7458...

MGASA-2016-0295 Updated redis packages fix security vulnerability

It was discovered that redis did not properly protect redis-cli history files; they were created by default with world-readable permissions CVE-2013-7458...

CVE-2016-5411

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer QCI before 1.0 GA is created world readable and contains the root password of the deployed system...

Debian Security Advisory DSA 3654-1 (quagga - security update)

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036 Tams Nmeth discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance handling man...

DSA-3654-1 quagga - security update

Bulletin has no description...

Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service

Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can ru...

DLA-601-1 quagga - security update

Bulletin has no description...

CVE-2013-7458

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .redisclihistory, which allows local users to obtain sensitive information by reading the file...

CVE-2013-7458

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .redisclihistory, which allows local users to obtain sensitive information by reading the file...

UBUNTU-CVE-2013-7458

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .redisclihistory, which allows local users to obtain sensitive information by reading the file...

DEBIAN-CVE-2013-7458

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .redisclihistory, which allows local users to obtain sensitive information by reading the file...

CVE-2013-7458

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .redisclihistory, which allows local users to obtain sensitive information by reading the file...

[SECURITY] [DLA 588-1] mongodb security update

Package : mongodb Version : 2.0.6-1+deb7u1 CVE ID : CVE-2016-6494 Debian Bug : 832908, 833087 Two security related problems have been found in the mongodb package, related to logging. CVE-2016-6494 World-readable .dbshell history file TEMP-0833087-C5410D Bruteforcable challenge responses in...

Debian Security Advisory DSA 3634-1 (redis - security update)

It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions. Users and systems administrators may want to proactively change permissions on existing /redisclihistory files, instead of...

Debian: Security Advisory (DSA-3634-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-577-1 : redis security update

It was discovered that the redis-cli tool in redis an in-memory key-value database created world-readable history files. For Debian 7 'Wheezy', this issue has been fixed in redis version 2:2.4.14-1+deb7u1. We recommend that you upgrade your redis packages. NOTE: Tenable Network Security has...

[SECURITY] [DLA 577-1] redis security update

Package : redis Version : 2:2.4.14-1+deb7u1 CVE ID : CVE-2013-7458 Debian Bug : 832460 It was discovered that the redis-cli tool in redis an in-memory key-value database created world-readable history files. For Debian 7 "Wheezy", this issue has been fixed in redis version 2:2.4.14-1+deb7u1. We...

[SECURITY] [DSA 3634-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3634-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 30, 2016 https://www.debian.org/security/faq -...