2193 matches found

OSV
added 2023/07/17 8:15 p.m. | 25 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

CVSS 5.5 | AI score 6.7 | EPSS 0.00065
Exploits: 0 | References: 3

OSV
added 2023/07/17 8:15 p.m. | 2 views

UBUNTU-CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

CVSS 5.5 | AI score 5.8 | EPSS 0.00065
Exploits: 0 | References: 5

Debian CVE
added 2023/07/17 12:0 a.m. | 22 views

CVE-2023-28864

Removed by vendor...

CVSS 5.5 | AI score 5.5 | EPSS 0.00065
Exploits: 0

Tenable Nessus
added 2023/06/26 12:0 a.m. | 24 views

SUSE SLES15 / openSUSE 15 Security Update : cloud-init (SUSE-SU-2023:2628-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2628-1 advisory. - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are...

CVSS 5.5 | AI score 6.2 | EPSS 0.0004
Exploits: 0 | References: 9

Tenable Nessus
added 2023/06/23 12:0 a.m. | 17 views

Fedora 38 : tang (2023-3e84bba241)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3e84bba241 advisory. Fixes CVE-2023-1672 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

CVSS 5.3 | AI score 5.7 | EPSS 0.00022
Exploits: 1 | References: 2

ATTACKERKB
added 2023/05/31 12:15 a.m. | 1 views

CVE-2023-28351

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain...

CVSS 3.3 | AI score 5.9 | EPSS 0.00115
Exploits: 1 | References: 3

OSV
added 2023/05/31 12:15 a.m. | 3 views

CVE-2023-28351

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain...

CVSS 3.3 | AI score 5.8 | EPSS 0.00115
Exploits: 1 | References: 2

Tenable Nessus
added 2023/05/12 12:0 a.m. | 40 views

RHEL 9 : fwupd (RHSA-2023:2487)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2487 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password ...

CVSS 6.7 | AI score 7.1 | EPSS 0.00143
Exploits: 0 | References: 16

RedHat Linux
added 2023/05/09 10:3 a.m. | 1 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

CVSS 6.5 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 4

OSV
added 2023/05/09 12:0 a.m. | 31 views

ALSA-2023:2487 Moderate: fwupd security and bug fix update

The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 shim: 3rd party shim allow secure boot bypass CVE-2022-34301 shim: 3rd party shim allow secure boot bypass...

CVSS 6.7 | AI score 6.5 | EPSS 0.00143
Exploits: 0 | References: 10

GitHub Security Blog
added 2023/04/26 7:45 p.m. | 20 views

Hidden fields can be leaked on readable collections in Payload

Details If a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Affected versions: 1.7.0 Workarounds If you are unable to update, you can write a beforeOperation hook to remove where queries...

CVSS 7.4 | AI score 5.9 | EPSS 0.00426
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/04/26 7:45 p.m. | 12 views

GHSA-35JJ-VQCF-F2JF Hidden fields can be leaked on readable collections in Payload

Details If a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Affected versions: 1.7.0 Workarounds If you are unable to update, you can write a beforeOperation hook to remove where queries...

CVSS 7.4 | AI score 6.7 | EPSS 0.00426
Exploits: 0 | References: 4

CNNVD
added 2023/04/26 12:0 a.m. | 3 views

Payload information disclosure vulnerability

Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. An information disclosure vulnerability exists in Payload versions prior to 1.7.0, which stems from allowing a user to reverse-engineer hidden fields in a readable collection via brute force...

CVSS 7.4 | AI score 6.7 | EPSS 0.00426
Exploits: 0 | References: 3

CNNVD
added 2023/04/21 12:0 a.m. | 4 views

barbican security vulnerability

barbican is an OpenStack key management service, API server. A security vulnerability exists in barbican that stems from the barbican configuration file being set to globally readable in Red Hat OpenStack, which poses a security risk because it allows an attacker with limited access to the file t...

CVSS 6.6 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 4

RedhatCVE
added 2023/04/20 5:30 a.m. | 28 views

CVE-2022-2084

A vulnerability was found in cloud-init. With this flaw, sensitive data could be exposed in world-readable cloud-init logs when schema failures are reported. This leak could include hashed passwords...

CVSS 5.5 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 3

SUSE CVE
added 2023/04/20 2:8 a.m. | 0 views

SUSE CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

CVSS 5.5 | AI score 6.8 | EPSS 0.00026
Exploits: 0 | References: 8

OSV
added 2023/04/19 10:15 p.m. | 1 views

DEBIAN-CVE-2021-3429

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...

CVSS 5.5 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 1

OSV
added 2023/04/19 10:15 p.m. | 1 views

DEBIAN-CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

CVSS 5.5 | AI score 5.4 | EPSS 0.00026
Exploits: 0 | References: 1

NVD
added 2023/04/19 10:15 p.m. | 9 views

CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

CVSS 5.5 | AI score 5.3 | EPSS 0.00026
Exploits: 0 | References: 2

OSV
added 2023/04/19 10:15 p.m. | 3 views

UBUNTU-CVE-2021-3429

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...

CVSS 5.5 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 2