2198 matches found

OSV
added 2020/12/10 11:15 p.m. | 3 views

AZL-66000 CVE-2020-8908 affecting package guava20 20.0-5

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on unix-like systems, the created directory i...

CVSS 3.3 | AI score 6.5 | EPSS 0.00964
Exploits: 1 | References: 1

OSV
added 2020/12/10 11:15 p.m. | 2 views

DEBIAN-CVE-2020-8908

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on unix-like systems, the created directory i...

CVSS 3.3 | AI score 6.2 | EPSS 0.00964
Exploits: 1 | References: 1

OSV
added 2020/12/10 11:15 p.m. | 0 views

UBUNTU-CVE-2020-8908

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on unix-like systems, the created directory i...

CVSS 3.3 | AI score 6.6 | EPSS 0.00964
Exploits: 1 | References: 7

Tenable Nessus
added 2020/12/10 12:0 a.m. | 18 views

SUSE SLES12 Security Update : libzypp (SUSE-SU-2020:0079-2)

This update for libzypp fixes the following issues : Security issue fixed : CVE-2019-18900: Fixed assert cookie file that was world readable bsc1158763. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted...

CVSS 4 | AI score 6.2 | EPSS 0.00301
Exploits: 0 | References: 4

Cvelist
added 2020/12/09 4:30 p.m. | 44 views

CVE-2020-26261 user-readable api tokens in systemd units

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users...

CVSS 7.9 | AI score 7.7 | EPSS 0.00471
Exploits: 0 | References: 4

OpenVAS
added 2020/11/27 12:0 a.m. | 9 views

Linux: Read /etc/shadow

shadow is a file which contains the password information for the system Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

AI score 7.3
Exploits: 0 | References: 1

NVD
added 2020/11/24 5:15 p.m. | 16 views

CVE-2020-10762

An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmdhistory.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the...

CVSS 5.5 | AI score 5 | EPSS 0.00336
Exploits: 0 | References: 2

OSV
added 2020/11/17 9:15 p.m. | 2 views

CVE-2020-26551

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2020/11/17 9:15 p.m. | 7 views

CVE-2020-26551

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...

CVSS 7.5 | AI score 7.5 | EPSS 0.00909
Exploits: 1 | References: 1

Tenable Nessus
added 2020/11/12 12:0 a.m. | 26 views

FreeBSD : salt -- multiple vulnerabilities (50259d8b-243e-11eb-8bae-b42e99975750)

SaltStack reports multiple security vulnerabilities in Salt 3002 : - CVE-2020-16846: Prevent shell injections in netapi ssh client. - CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. - CVE-2020-25592: Properly validate eauth credentials and tokens along...

CVSS 9.8 | AI score 7.4 | EPSS 0.99585
Exploits: 5 | References: 5

RedHat Linux
added 2020/11/04 1:31 a.m. | 5 views

grafana: information disclosure through world-readable /var/lib/grafana/grafana.db

An information-disclosure flaw was found in the way Grafana set permissions for the database directory and file. This flaw allows a local attacker access to potentially sensitive information such as cleartext or encrypted datasource passwords from /var/lib/grafana/grafana.db...

CVSS 5.5 | AI score 7.1 | EPSS 0.00448
Exploits: 1 | References: 4

RedHat Linux
added 2020/11/04 1:31 a.m. | 5 views

grafana: information disclosure through world-readable grafana configuration files

An information-disclosure flaw was found in Grafana distributed by Red Hat. This flaw allows a local attacker access to potentially sensitive information such as secretkey and a bindpassword from the world-readable files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml...

CVSS 5.5 | AI score 7.1 | EPSS 0.00306
Exploits: 0 | References: 4

RedHat Linux
added 2020/11/04 1:16 a.m. | 3 views

frr: default permission issue eases information leaks

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...

CVSS 5.3 | AI score 6 | EPSS 0.01397
Exploits: 1 | References: 4

Tenable Nessus
added 2020/10/22 12:0 a.m. | 25 views

Juniper Junos NFX350 Series Readable Password Hashes Vulnerability (JSA11066)

The version of Junos OS installed on the remote host is NFX350 Series prior to 19.4R3 or 20.1R1-S4. It is, therefore, affected by a vulnerability. This vulnerability allows a local attacker with access to brute-force decrypt password hashes stored on the system as referenced in the JSA11066...

CVSS 6.3 | AI score 6.5 | EPSS 0.0025
Exploits: 0 | References: 2

OSV
added 2020/10/16 9:15 p.m. | 1 view

CVE-2020-1669

The Juniper Device Manager JDM container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local...

CVSS 6.3 | AI score 6.6 | EPSS 0.0025
Exploits: 0 | References: 1

Cvelist
added 2020/10/16 8:31 p.m. | 23 views

CVE-2020-1669 Junos OS: NFX350: Password hashes stored in world-readable format

The Juniper Device Manager JDM container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local...

CVSS 6.3 | AI score 6.3 | EPSS 0.0025
Exploits: 0 | References: 1

RedHat Linux
added 2020/09/30 3:18 p.m. | 2 views

gluster-block: information disclosure through world-readable gluster-block log files

An information-disclosure flaw was found in the way that gluster-block logs the output from gluster-block CLI operations. This includes recording passwords to the cmdhistory.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00336
Exploits: 0 | References: 5

CNVD
added 2020/09/28 12:0 a.m. | 2 views

cPanel Privilege Management Vulnerability

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 88.03, which stems from having weak privileges globally readable to t...

CVSS 7.5 | AI score 6.8 | EPSS 0.01297
Exploits: 0 | References: 1

OSV
added 2020/09/25 6:15 a.m. | 1 view

CVE-2020-26106

cPanel before 88.0.3 has weak permissions world readable for the proxy subdomains log file SEC-558...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

OSV
added 2020/09/24 9:15 p.m. | 1 view

CVE-2020-15850

Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is...

CVSS 7.8 | AI score 7.1 | EPSS 0.00522
Exploits: 1 | References: 2