Input validation

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially...

Dell EMC ESRS Virtual Edition Incorrect File Permissions Vulnerability

Dell EMC ESRS is a secure storage product from DEll. An incorrect file permission vulnerability exists in Dell EMC ESRS Virtual Edition, an application that contains multiple configuration files with world-readable permissions, allowing an authenticated, malicious user to exploit the contents of...

CVE-2018-11752

Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...

CVE-2018-11752

Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...

CVE-2018-11748

Previous releases of the Puppet devicemanager module creates configuration files containing credentials that are world readable. This issue has been resolved as of devicemanager 2.7.0...

CVE-2018-11748

Previous releases of the Puppet devicemanager module creates configuration files containing credentials that are world readable. This issue has been resolved as of devicemanager 2.7.0...

Design/Logic Flaw

Previous releases of the Puppet devicemanager module creates configuration files containing credentials that are world readable. This issue has been resolved as of devicemanager 2.7.0...

CVE-2018-11748

Previous releases of the Puppet devicemanager module creates configuration files containing credentials that are world readable. This issue has been resolved as of devicemanager 2.7.0...

Updated libcgroup packages fix security vulnerability

The cgrulesengd daemon cgred in libcgroup through version 0.41 creates log files /var/log/cgred with world readable and writable permissions 0o666 due to a reset of the file mode creation mask umask0 in the daemon/cgrulesengd.c:cgrestartdaemon function CVE-2018-14348...

Debian: Security Advisory (DLA-1472-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1472-1] libcgroup security update

Package : libcgroup Version : 0.41-6+deb8u1 CVE ID : CVE-2018-14348 Debian Bug : 906308 The cgrulesengd daemon in libcgroup creates log files with world readable and writable permissions due to a reset of the file mode creation mask umask0. For Debian 8 "Jessie", this problem has been fixed in...

All For One Information Disclosure Vulnerability

All For One is an Ether-based gambling game. An information disclosure vulnerability exists in the 'maxRandom' function in All For One's smart contract implementation, which stems from the program's use of publicly readable variables to generate arbitrary values. An attacker could use the...

Design/Logic Flaw

The randMod function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, which can be read with a getStorageAt call. Therefore, attackers can get powerful...

Insecure Defaults

libcgroup.so is vulnerable to insecure defaults. The library creates a log file with world readable and writable permissions, allowing a malicious user to read or write to the log file...

openSUSE Security Update : rsyslog (openSUSE-2018-789)

This update for rsyslog fixes the following issues : The following security vulnerability was addressed : CVE-2015-3243: Make sure that log files are not created world-readable bsc935393 This update was imported from the SUSE:SLE-12-SP3:Update update project. %NASLMINLEVEL 70300 C Tenable Network...

openSUSE: Security Advisory for rsyslog (openSUSE-SU-2018:2166-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for rsyslog (moderate)

This update for rsyslog fixes the following issues: The following security vulnerability was addressed: CVE-2015-3243: Make sure that log files are not created world-readable bsc935393 This update was imported from the SUSE:SLE-12-SP3:Update update project...

CVE-2016-8637

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryptio...

Information disclosure

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryptio...

DEBIAN-CVE-2016-8637

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryptio...