2192 matches found
Information disclosure
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
CVE-2023-4886 Foreman: world readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
PT-2023-30988 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: foreman (affected versions not specified). Description: A sensitive information exposure issue was found in foreman, where the contents of tomcat's server.xml file are world readable. This file contains passwords to candlepin's keystore and...
CVE-2023-44124
The vulnerability allows theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app, in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...
Design/Logic Flaw
The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app, in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...
CVE-2023-44124
The CVE-2023-44124 issue affects the Screen recording app (com.lge.gametools.gamerecorder). The root cause is that the app launches implicit intents that can be intercepted by other apps on the device, and the returned data goes to onActivityResult, enabling theft of arbitrary files. The app stor...
CVE-2023-44124 Screen recording - Theft of arbitrary files with system privilege
The vulnerability allows theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app, in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...
PT-2023-29116 · Unknown · Lockscreensettings
Name of the Vulnerable Software and Affected Versions: LockScreenSettings (affected versions not specified). Description: The issue is related to the theft of arbitrary files with system privilege in the LockScreenSettings app. The main problem is that the app launches implicit intents that can be...
Amazon Linux 2 : ansible (ALASANSIBLE2-2023-006)
The version of ansible installed on the remote host is prior to 2.9.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-006 advisory. An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive da...
PT-2023-29118 · Lg Electronics +1 · Lg V60 Thin Q 5G +1
Name of the Vulnerable Software and Affected Versions: Screen recording app (affected versions not specified). Description: The issue concerns the theft of arbitrary files with system privilege in the Screen recording app. The main problem is that the app launches implicit intents that can be...
LG Mobile Security Breach
LG mobile is a series of mobile device products from South Korea's Luckin LG. A security vulnerability exists in LG Mobile. An attacker could use this vulnerability to change the file access mode to globally readable and globally writable...
Oracle Linux 5 : dovecot (ELSA-2009-0205)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-0205 advisory. - Resolves: 436287, CVE-2008-4870 - Resolves: 469015, CVE-2008-4577 Tenable has extracted the preceding description block directly from the Oracle Linu...
Oracle Linux 5 : bind (ELSA-2008-0300)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0300 advisory. - CVE-2008-0122 small buffer overflow in inet_network - CVE-2007-6283 419421 Tenable has extracted the preceding description block directly from the...
Moderate: Red Hat Security Advisory: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements
An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.5 fixes several security and operational bugs and also adds several new features. Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and...
EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2023-2576)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
AiCEF - An AI-assisted cyber exercise content generation framework using named entity recognition
AiCEF is a tool implementing the accompanying framework [1] in order to harness the intelligence that is available from online resources, as well as threat groups' activities and arsenal (e.g. MITRE), to create relevant and timely cybersecurity exercise content. This way, we abstract the events from the...
EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2375)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2349)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
CVE-2023-28864
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...