
2198 matches found

NVD
added 2018/07/18 11:29 p.m. | 10 views

CVE-2018-0392

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions i.e., World-Readable. An attacker could exploit this vulnerability by logging in to the CLI. An...

CVSS 5.5 | AI score 5.3 | EPSS 0.00291
Exploits: 0 | References: 2
0day.today
added 2018/07/16 12:0 a.m. | 257 views

Linux Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Exploit

Exploit for linux platform in category dos / poc / Note: I am both sending this bug report to email protected and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to each other to determine the best place to fix...

AI score 8.3 | EPSS 0.01018
Exploits: 2
IBM Security Bulletins
added 2018/06/16 9:30 p.m. | 31 views

Security Bulletin: IBM Security Access Manager for Web is affected by a vulnerability in the WebSEAL HTTPTransformation request processing (CVE-2015-4963)

Summary IBM Security Access Manager for Web is affected by a vulnerability in the processing of HTTPTransformation requests in WebSEAL. This vulnerability could allow a remote attacker to gain access to readable/writable files on the system. Vulnerability Details CVEID: CVE-2015-4963 DESCRIPTION:...

CVSS 7.5 | AI score 0.7 | EPSS 0.03299
Exploits: 0 | Affected Software: 1
CNVD
added 2018/06/12 12:0 a.m. | 1 views

Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability (CNVD-2018-11350)

Cisco Prime Collaboration Provisioning PCP is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. An information disclosure vulnerability exis...

CVSS 7.8 | AI score 6.2 | EPSS 0.00413
Exploits: 0 | References: 1
OSV
added 2018/06/07 9:29 p.m. | 2 views

CVE-2018-0335

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...

CVSS 7.8 | AI score 5.8 | EPSS 0.00413
Exploits: 0 | References: 3
RedHat Linux
added 2018/05/18 5:3 p.m. | 2 views

openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

CVSS 6.3 | AI score 7.1 | EPSS 0.00285
Exploits: 0 | References: 4
RedHat Linux
added 2018/05/17 3:40 p.m. | 3 views

openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

CVSS 6.3 | AI score 7.1 | EPSS 0.00285
Exploits: 0 | References: 4
UbuntuCve
added 2018/04/26 5:29 p.m. | 14 views

CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...

CVSS 6.5 | AI score 6.6 | EPSS 0.01167
Exploits: 0 | References: 2
OSV
added 2018/04/26 5:29 p.m. | 28 views

CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...

CVSS 6.5 | AI score 6.7 | EPSS 0.01167
Exploits: 0 | References: 5
OSV
added 2018/04/26 5:29 p.m. | 2 views

DEBIAN-CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...

CVSS 6.5 | AI score 6.9 | EPSS 0.01167
Exploits: 0 | References: 1
OSV
added 2018/04/26 5:29 p.m. | 0 views

UBUNTU-CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...

CVSS 6.5 | AI score 6.6 | EPSS 0.01167
Exploits: 0 | References: 3
NVD
added 2018/04/26 5:29 p.m. | 36 views

CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...

CVSS 6.5 | AI score 6.4 | EPSS 0.01167
Exploits: 0 | References: 5
Cvelist
added 2018/04/26 5:0 p.m. | 41 views

CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...

CVSS 6.5 | AI score 6.4 | EPSS 0.01167
Exploits: 0 | References: 5
RedHat Linux
added 2018/03/28 5:11 p.m. | 3 views

openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

CVSS 6.3 | AI score 7.1 | EPSS 0.00285
Exploits: 0 | References: 4
Veracode
added 2018/03/22 2:7 a.m. | 16 views

File Permission Manipulation Via Symlink Attack

hadoop-common-yarn is vulnerable to file permission manipulation. Using a symlink attack in a public tar archive, attackers can change the permissions on files to be world-readable...

CVSS 5 | AI score 5.9 | EPSS 0.03003
Exploits: 0 | References: 5 | Affected Software: 2
Prion
added 2018/03/19 9:29 p.m. | 25 views

Information disclosure

Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files...

CVSS 2.1 | AI score 6.1 | EPSS 0.00424
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2018/03/19 9:0 p.m. | 18 views

CVE-2014-5450

Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files...

AI score 5.1 | EPSS 0.00424
Exploits: 0 | References: 6
CVE
added 2018/03/19 9:0 p.m. | 44 views

CVE-2014-5450

CVE-2014-5450 concerns Zarafa Collaboration Platform 4.1, where /etc/zarafa/license was created with world-readable permissions, enabling local users to read license files and disclose sensitive information. Public sources in connected documents indicate this issue stems from incorrect default pe...

CVSS 5.5 | AI score 5 | EPSS 0.00424
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2018/03/16 12:0 a.m. | 27 views

openSUSE Security Update : postgresql94 (openSUSE-2018-257)

This update for postgresql94 fixes the following issues : PostgreSQL was updated to version 9.4.15, the full release notes are here : https://www.postgresql.org/docs/9.4/static/release-9-4-15.html - CVE-2018-1053: Ensure that all temporary files made by pgupgrade are non-world-readable. bsc107798...

CVSS 7 | AI score 6.2 | EPSS 0.00491
Exploits: 0 | References: 3
Tenable Nessus
added 2018/03/15 12:0 a.m. | 31 views

SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2018:0675-1)

This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.15, the full release notes are here: https://www.postgresql.org/docs/9.4/static/release-9-4-15.html - CVE-2018-1053: Ensure that all temporary files made by pgupgrade are non-world-readable. bsc1077983...

CVSS 7 | AI score 6.3 | EPSS 0.00491
Exploits: 0 | References: 5