
2193 matches found

RedHat Linux
added 2022/10/05 2:30 p.m. · 4 views

netty: world readable temporary file containing sensitive data

CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled...

CVSS 6.2 · AI score 6.8 · EPSS 0.00401
Exploits 2 · References 4
UbuntuCve
added 2022/09/21 7:15 p.m. · 30 views

CVE-2022-23952

In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable...

CVSS 7.5 · AI score 7.1 · EPSS 0.00385
Exploits 1 · References 4
NVD
added 2022/09/15 4:15 p.m. · 16 views

CVE-2022-1798

A path traversal vulnerability in KubeVirt versions up to 0.56 and 0.55.1 on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/ is not accessible...

CVSS 8.7 · EPSS 0.0013
Exploits 1 · References 1
Veracode
added 2022/09/15 7:24 a.m. · 19 views

Directory Traversal

unisharp/laravel-filemanager is vulnerable to directory traversal vulnerability. A remote attacker can retrieve the credentials of the currently logged-in user using the download?workingdir=%2F curl command and gain access to all files that are readable by that particular user...

CVSS 6.5 · AI score 6.6 · EPSS 0.91646
Exploits 1 · References 5 · Affected Software 1
GitLab Advisory Database
added 2022/09/15 12:00 a.m. · 20 views

KubeVirt vulnerable to arbitrary file read on host

As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the...

AI score 1
Exploits 0 · References 5 · Affected Software 1
ATTACKERKB
added 2022/09/13 9:15 p.m. · 3 views

CVE-2022-39821

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem...

CVSS 7.5 · AI score 5.8 · EPSS 0.00316
Exploits 0 · References 2
OSV
added 2022/09/13 9:15 p.m. · 3 views

CVE-2022-39821

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem...

CVSS 7.5 · AI score 5.8 · EPSS 0.00316
Exploits 0 · References 1
CNNVD
added 2022/09/13 12:00 a.m. · 2 views

NOKIA 1350 OMS log information disclosure vulnerability

NOKIA 1350 OMS is an optical management system from Nokia Finland. A log information disclosure vulnerability exists in NOKIA 1350 OMS version R14.2, which arises from the insertion of sensitive information into an application log file, where a web application stores critical information in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.00316
Exploits 0 · References 2
Tenable Nessus
added 2022/09/06 12:00 a.m. · 24 views

Amazon Linux 2022 : logrotate (ALAS2022-2022-095)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-095 advisory. A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock...

CVSS 6.5 · AI score 6.3 · EPSS 0.0011
Exploits 0 · References 3
OSV
added 2022/08/23 8:15 p.m. · 32 views

CVE-2021-3917

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality...

CVSS 5.5 · AI score 6 · EPSS 0.00106
Exploits 0 · References 4
Positive Technologies
added 2022/08/18 12:00 a.m. · 2 views

PT-2022-14121 · Kubevirt +1 · Kubevirt +1

Name of the Vulnerable Software and Affected Versions: KubeVirt versions up to 0.56 KubeVirt version 0.55.1 Description: A path traversal vulnerability in KubeVirt allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are...

CVSS 9.3 · AI score 8.8 · EPSS 0.00963
Exploits 2 · References 35
OSV
added 2022/08/01 12:00 a.m. · 20 views

CVE-2022-35919 Authenticated requests for server update admin API allows path traversal in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...

CVSS 7.4 · AI score 6 · EPSS 0.13567
Exploits 4 · References 6
Fedora
added 2022/07/30 1:55 a.m. · 15 views

[SECURITY] Fedora 36 Update: butane-0.15.0-2.fc36

Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition...

AI score 7.4
Exploits 0
OSV
added 2022/07/11 5:15 p.m. · 1 views

CVE-2020-4138

IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049...

CVSS 5.5 · AI score 5.8 · EPSS 0.00044
Exploits 0 · References 2
OSV
added 2022/07/06 9:15 p.m. · 3 views

CVE-2022-27548

HCL Launch stores user credentials in plain clear text which can be read by a local user...

CVSS 5.5 · AI score 6.1
Exploits 0 · References 1
OSV
added 2022/07/06 4:15 p.m. · 3 views

CVE-2022-33737

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password...

CVSS 7.5 · AI score 5.8 · EPSS 0.00342
Exploits 0 · References 1
CNNVD
added 2022/07/06 12:00 a.m. · 3 views

OpenVPN log information disclosure vulnerability

OpenVPN is a software package from US-based OpenVPN Inc. for creating encrypted tunnels for virtual private networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

CVSS 7.5 · AI score 7.2 · EPSS 0.00342
Exploits 0 · References 2
OSV
added 2022/06/29 9:00 p.m. · 1 views

UBUNTU-CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

CVSS 5.5 · AI score 6 · EPSS 0.00026
Exploits 0 · References 3
Tenable Nessus
added 2022/06/29 12:00 a.m. · 32 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : cloud-init vulnerability (USN-5496-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5496-1 advisory. Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs...

CVSS 5.5 · AI score 5.7 · EPSS 0.00026
Exploits 0 · References 2
Positive Technologies
added 2022/06/29 12:00 a.m. · 2 views

PT-2022-14845 · Unknown +6 · Cloud-Init +6

Name of the Vulnerable Software and Affected Versions: cloud-init versions prior to 22.3 Description: Sensitive data could be exposed in world-readable logs of cloud-init when schema failures are reported, potentially including hashed passwords. This issue may allow an attacker to gain unauthoriz...

CVSS 5.5 · AI score 6.7 · EPSS 0.0004
Exploits 0 · References 37