
2192 matches found

RedHat Linux
added 2024/05/22 8:41 p.m. · 1 views

tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 5.5 · AI score 5.7 · EPSS 0.00072
Exploits: 0 · References: 4

RedHat Linux
added 2024/05/22 8:13 p.m. · 0 views

tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 5.5 · AI score 5.7 · EPSS 0.00072
Exploits: 0 · References: 4

Tenable Nessus
added 2024/05/22 12:0 a.m. · 24 views

RHEL 8 : Red Hat OpenStack Platform 17.1 (tripleo-ansible and openstack-tripleo-heat-templates) (RHSA-2024:2770)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2770 advisory. Heat templates for TripleO TripleO Ansible project repository. Contains playbooks for use with TripleO OpenStack deployments. https://opendev.org...

CVSS 5.5 · AI score 6.6 · EPSS 0.00072
Exploits: 0 · References: 5

NVD
added 2024/05/15 4:15 p.m. · 7 views

CVE-2023-5937

On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files...

CVSS 5.2 · AI score 3.9 · EPSS 0.00119
Exploits: 0 · References: 1

CVE
added 2024/05/15 4:6 p.m. · 25 views

CVE-2023-5937

CVE-2023-5937 affects Arc before version 1.6.0 on Windows, where configuration files are world-readable, enabling local information disclosure. Multiple sources describe this as a local-access risk that could exfiltrate sensitive data from Arc’s configuration files. The issue is linked to Arc’s W...

CVSS 5.2 · AI score 6.1 · EPSS 0.00119
Exploits: 0 · References: 1

NOZOMI
added 2024/05/15 12:0 a.m. · 3 views

Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0

Summary On Windows systems, the Arc configuration files resulted to be world-readable. Impact This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files. Mitigation N/A Solution Upgrade to v1.6.0 or later...

CVSS 5.2 · AI score 6 · EPSS 0.00119
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2024/05/15 12:0 a.m. · 3 views

PT-2024-14846 · Arc · Arc

Name of the Vulnerable Software and Affected Versions: Arc affected versions not specified Description: The issue is related to Arc configuration files being world-readable on Windows systems. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from...

CVSS 5.2 · AI score 6.5 · EPSS 0.00119
Exploits: 0 · References: 5

NVD
added 2024/05/14 8:15 p.m. · 27 views

CVE-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...

CVSS 7.1 · AI score 6.9 · EPSS 0.00021
Exploits: 1 · References: 5

Debian CVE
added 2024/05/14 7:15 p.m. · 29 views

CVE-2024-32021

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...

CVSS 7.1 · AI score 7.5 · EPSS 0.00021
Exploits: 1

OSV
added 2024/05/14 2:57 p.m. · 1 views

CVE-2024-22343

IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190...

CVSS 3.3 · AI score 5.8
Exploits: 0 · References: 2

OSV
added 2024/05/06 1:4 p.m. · 17 views

RLSA-2024:1719 Moderate: rear security update

Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility. Security Fixes: rear: creates a world-readable initrd...

CVSS 5.5 · AI score 5.4 · EPSS 0.00092
Exploits: 1 · References: 2

Kitploit
added 2024/05/05 12:30 p.m. · 29 views

HardeningMeter - Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries And Systems

HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations ASLR, PIC,...

AI score 7.3
Exploits: 0 · References: 1

Tenable Nessus
added 2024/05/01 12:0 a.m. · 18 views

Fedora 38 : et (2024-bd9e67c117)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd9e67c117 advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httlib, fixing CVE-2023-26130 Tenable has extracted the preceding...

CVSS 8.8 · AI score 6.4 · EPSS 0.0023
Exploits: 2 · References: 4

Tenable Nessus
added 2024/05/01 12:0 a.m. · 15 views

Fedora 39 : et (2024-94a155818c)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-94a155818c advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httlib, fixing CVE-2023-26130 Tenable has extracted the preceding...

CVSS 8.8 · AI score 6.4 · EPSS 0.0023
Exploits: 2 · References: 4

Tenable Nessus
added 2024/04/28 12:0 a.m. · 12 views

RHEL 7 : openstack-octavia (RHSA-2019:0593)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0593 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...

CVSS 7.5 · AI score 6.6 · EPSS 0.00267
Exploits: 0 · References: 9

Tenable Nessus
added 2024/04/27 12:0 a.m. · 26 views

RHEL 5 / 6 : CloudForms System Engine 1.1 update (Important) (RHSA-2012:1543)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1543 advisory. Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service IaaS product that lets you create and manage private and...

CVSS 5.5 · AI score 5.8 · EPSS 0.00253
Exploits: 0 · References: 237

NVD
added 2024/04/25 6:15 p.m. · 10 views

CVE-2024-2905

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

CVSS 6.2 · AI score 6.3 · EPSS 0.00025
Exploits: 0 · References: 8

OSV
added 2024/04/25 6:15 p.m. · 1 views

AZL-42310 CVE-2024-2905 affecting package rpm-ostree for versions less than 2024.4-3

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

CVSS 6.2 · AI score 6.4 · EPSS 0.00025
Exploits: 0 · References: 1

OSV
added 2024/04/25 6:15 p.m. · 1 views

CVE-2024-2905

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

CVSS 6.2 · AI score 5.7 · EPSS 0.00025
Exploits: 0 · References: 8

Cvelist
added 2024/04/25 5:44 p.m. · 17 views

CVE-2024-2905 Rpm-ostree: world-readable /etc/shadow file

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

CVSS 6.2 · AI score 6.5 · EPSS 0.00025
Exploits: 0 · References: 6