2192 matches found
foreman: World readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
SUSE-SU-2024:0657-1 Security update for rear27a
This update for rear27a fixes the following issues: - CVE-2024-23301: Fixed world-readable initrd with GRUB_RESCUE=Y bsc1218728. Bug fixes: - Fix mkinitrd dependency issue by installing dracut-mkinitrd-deprecated see bsc1202352...
Fedora 39 : rear (2024-a2f6e5ddb8)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a2f6e5ddb8 advisory. Fri Feb 9 2024 Luk Zaoral - 2.7-8 - Sync with patches in CentOS Stream 9 kudos to @pcahyna! chronologically from the latest: - Resolve libs for...
Fedora 38 : rear (2024-49ddbf447d)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49ddbf447d advisory. Fri Feb 9 2024 Luk Zaoral - 2.7-8 - Sync with patches in CentOS Stream 9 kudos to @pcahyna! chronologically from the latest: - Resolve libs for...
CVE-2024-25107 Cross-Site Scripting in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...
Amazon Linux 2 : rear (ALAS-2024-2451)
The version of rear installed on the remote host is prior to 2.00-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2451 advisory. Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain...
Medium: rear
Issue Overview: Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301 Affected Packages: rear Note: This advisory is applicable to Amazon Linux 2...
SUSE SLES12 Security Update : rear116 (SUSE-SU-2024:0291-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0291-1 advisory. - Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system...
SUSE-SU-2024:0292-1 Security update for rear1172a
This update for rear1172a fixes the following issues: - CVE-2024-23301: Corrected world-readable permissions for initrd, which could be an issue if it contains sensitive information bsc1218728...
SUSE-SU-2024:0291-1 Security update for rear116
This update for rear116 fixes the following issues: - CVE-2024-23301: Corrected world-readable permissions for initrd, which could be an issue if it contains sensitive information bsc1218728...
SUSE SLES15 Security Update : rear27a (SUSE-SU-2024:0253-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0253-1 advisory. - Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system...
SUSE-SU-2024:0253-1 Security update for rear27a
This update for rear27a fixes the following issues: - CVE-2024-23301: Fixed ReaR creates world-readable initrd with GRUB_RESCUE=Y. bsc1218728...
SUSE-SU-2024:0247-1 Security update for rear23a
This update for rear23a fixes the following issues: - CVE-2024-23301: Fixed ReaR creates world-readable initrd with GRUB_RESCUE=Y. bsc1218728...
SUSE-SU-2024:0239-1 Security update for rear23a
This update for rear23a fixes the following issues: - CVE-2024-23301: Corrected world-readable permissions for initrd, which could be an issue if it contains sensitive information bsc1218728...
SUSE CVE-2023-32190
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
OESA-2024-1077 rear security update
Relax-and-Recover is a setup-and-forget Linux bare metal disaster recovery solution. It is easy to set up and requires no maintenance so there is no excuse for not using it. Security Fixes: Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows...
SUSE-SU-2024:0148-1 Security update for rear23a
This update for rear23a fixes the following issues: - CVE-2024-23301: Fixed ReaR creates world-readable initrd with GRUB_RESCUE=Y. bsc1218728...
SUSE-SU-2024:0135-1 Security update for rear27a
This update for rear27a fixes the following issues: - CVE-2024-23301: Fixed ReaR creates world-readable initrd with GRUB_RESCUE=Y. bsc1218728...
EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2023-3422)
According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. Th...
EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2023-2855)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...