2193 matches found
dotnet: Dump file created world-readable
.NET Core and Visual Studio Information Disclosure Vulnerability...
Moderate: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
cloud-init: randomly generated passwords logged in clear-text to world-readable file
A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...
RLSA-2021:3081 Moderate: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: randomly generated passwords logged in clear-text to...
nginx <= 1.21.1 Information Disclosure Vulnerability
nginx is prone to an information disclosure vulnerability.
PYSEC-2021-125
A flaw was found in Ansible where the secret information present in asyncfiles is disclosed when the user changes the jobdir to a world-readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower...
CVE-2021-3532
Removed by vendor...
Krane - Kubernetes RBAC Static Analysis And Visualisation Tool
Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features RBAC Risk rules - Krane...
Important: Red Hat Security Advisory: pki-core:10.6 security update
An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: pki-core:10.6 security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file (CVE-2021-3551). The PKI installer "pkispawn" logs admin credentials into a...
CVE-2021-20575
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278...
CVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
tripleo-ansible: ansible.log file is visible to unprivileged users
A flaw was found in tripleo-ansible. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality...
Red Hat Ansible Information Disclosure Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and organize computer systems. An information disclosure vulnerability exists in Red Hat Ansible. When a user changes the jobdir to a world-readable...
PT-2021-19593 · Red Hat · Tripleo-Ansible
Name of the Vulnerable Software and Affected Versions: tripleo-ansible version as shipped in Red Hat Openstack 16.1 Description: A flaw was found in the software, where the Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to...
CVE-2020-4039
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...
tripleo-ansible Information Disclosure Vulnerability
tripleo-ansible is an application. Ansible scripts, roles and plugins for TripleO. An information disclosure vulnerability exists in tripleo-ansible. The vulnerability stems from the Ansible log file being readable to all users during stack updates and creation...
SUSE: Security Advisory (SUSE-SU-2018:0507-1)
The remote host is missing an update for the...