Information disclosure
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem...
CVE-2019-3684
CVE-2019-3684 affects SUSE Manager up to 4.0.7 and Uyuni up to the commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade. The underlying issue is creation of world-readable swap files on systems that do not already have swap configured and do not have a btrfs filesystem. This leads to potential disclos...
CVE-2019-3684 susemanager installer creates world-readable swap files
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem...
Information Disclosure
cups is vulnerable to information disclosure. The vulnerability exists because the web interface in cups does not check whether the files have world-readable permissions...
Elevation Of Privileges By An Untrusted Search Path Vulnerability
Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the...
CVE-2019-3891
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching...
CVE-2018-13286
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager DSM before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration...
CVE-2018-13291
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager DSM before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration...
CVE-2018-13292
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration...
CVE-2018-13287
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager SRM before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration...
Information disclosure
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager DSM before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration...
PT-2019-8951 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology Diskstation Manager DSM versions prior to 6.2-23739-1 Description: The issue is related to incorrect default permissions in the synouser.conf file, allowing remote authenticated users to obtain sensitive information due to the...
openstack-octavia: Private keys written to world-readable log files
In a default Red Hat Openstack Platform Director installation, openstack-octavia creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure...
Debian DLA-1709-1 : waagent security update
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure. For Debian 8 'Jessie', this problem has been fixed in version 2.2.18-3deb8u2. We recommend that you upgrade your waagent packages. NOTE: Tenable...
[SECURITY] [DLA 1709-1] waagent security update
Package : waagent Version : 2.2.18-3deb8u2 CVE ID : CVE-2019-0804 Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure. For Debian 8 "Jessie", this problem has been fixed in version 2.2.18-3deb8u2. ...