
2198 matches found

CNVD
added 2017/09/20 12:0 a.m., 2 views

rhnsd Denial of Service Vulnerability

rhnsd is a network service daemon in Linux. A security vulnerability exists in rhnsd that stems from the program creating the PID file as globally readable. A local attacker could exploit this vulnerability to cause a denial of service...

CVSS 5.5, AI score 5.1, EPSS 0.00252
Exploits: 0, References: 1

CVE
added 2017/09/08 6:0 p.m., 48 views

CVE-2011-3177

Summary: CVE-2011-3177 concerns YaST2 network creating files with world-readable permissions, allowing local users to read sensitive network config data (e.g., wireless passwords). Affected components: YaST2 network handling; YaST2 network configuration files. Root cause (as documented): Files cr...

CVSS 7.8, AI score 7.3, EPSS 0.00311
Exploits: 0, References: 2, Affected Software: 1

UbuntuCve
added 2017/08/30 2:29 p.m., 51 views

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVSS 7.5, AI score 7.1, EPSS 0.06559
Exploits: 0, References: 2

OSV
added 2017/08/30 2:29 p.m., 28 views

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVSS 7.5, AI score 7
Exploits: 0, References: 7

n0where
added 2017/08/15 6:30 a.m., 43 views

Open Distributed Threat Intelligence: Yeti

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don’t have to. Yeti provides an interface for humans shiny...

AI score 7.1
Exploits: 0, References: 2

RedhatCVE
added 2017/07/25 8:9 a.m., 23 views

CVE-2017-1000362

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the...

CVSS 9.8, AI score 2.2, EPSS 0.01721
Exploits: 0, References: 2

CNVD
added 2017/07/18 12:0 a.m., 2 views

Lenovo Connect2 Information Disclosure Vulnerability

Lenovo Connect2 is a free management tool for transferring content between computers and cell phones from the Chinese company Lenovo. A security vulnerability exists in Lenovo Connect2 that stems from the program storing ad-hoc connection passwords in a user-readable location. An attacker could u...

CVSS 4.8, AI score 5.1, EPSS 0.00483
Exploits: 0, References: 1

OSV
added 2017/07/17 7:29 p.m., 3 views

CVE-2017-3742

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to t...

CVSS 4.8, AI score 5.6, EPSS 0.00483
Exploits: 0, References: 1

NVD
added 2017/07/17 1:18 p.m., 24 views

CVE-2017-1000362

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the...

CVSS 9.8, AI score 9.4, EPSS 0.01721
Exploits: 0, References: 1

RedHat Linux
added 2017/06/28 2:43 p.m., 3 views

openstack-mistral: /var/log/mistral/ is world readable

An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

CVSS 5.9, AI score 5.7, EPSS 0.00372
Exploits: 0, References: 4

CNVD
added 2017/06/27 12:0 a.m., 1 view

Mosquitto Information Disclosure Vulnerability

Eclipse Mosquitto is an open source messaging agent software from the Eclipse Foundation. A security vulnerability exists in Eclipse Mosquitto 1.4.12 and earlier versions, which stems from the program setting the mosquitto.db file as globally readable. A local attacker could exploit the...

CVSS 5.5, AI score 6.4, EPSS 0.00361
Exploits: 0, References: 1

Prion
added 2017/06/26 3:29 p.m., 21 views

Design/Logic Flaw

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...

CVSS 2.1, AI score 6, EPSS 0.00424
Exploits: 0, References: 7, Affected Software: 1

NVD
added 2017/06/26 3:29 p.m., 20 views

CVE-2015-1870

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...

CVSS 5.5, AI score 5.6, EPSS 0.00424
Exploits: 0, References: 7

Cvelist
added 2017/06/26 3:0 p.m., 23 views

CVE-2015-1870

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...

AI score 5.8, EPSS 0.00424
Exploits: 0, References: 7

CVE
added 2017/06/26 3:0 p.m., 87 views

CVE-2015-1870

The connected MiracleLinux 4 advisory references CVE-2015-1870 affecting abrt (Automatic Bug Reporting Tool) and libreport (abrt-2.0.8-26.1.0.1.AXS4, libreport-2.0.9-21.1.0.1.AXS4). The vulnerability arises from event scripts using world-readable permissions on a copy of sosreport files i...

CVSS 5.5, AI score 5.1, EPSS 0.00424
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2017/06/26 7:29 a.m., 1 view

CVE-2017-9615

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

ATTACKERKB
added 2017/06/26 7:29 a.m., 2 views

CVE-2017-9615

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...

CVSS 9.8, AI score 5.5, EPSS 0.01401
Exploits: 0, References: 3

Prion
added 2017/06/26 7:29 a.m., 13 views

Arbitrary file deletion

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...

CVSS 5, AI score 7.4, EPSS 0.01401
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2017/06/25 2:29 p.m., 2 views

DEBIAN-CVE-2017-9868

In Mosquitto through 1.4.12, mosquitto.db aka the persistence file is world readable, which allows local users to obtain sensitive MQTT topic information...

CVSS 5.5, AI score 5.3, EPSS 0.00361
Exploits: 0, References: 1

OSV
added 2017/06/25 2:29 p.m., 16 views

CVE-2017-9868

In Mosquitto through 1.4.12, mosquitto.db aka the persistence file is world readable, which allows local users to obtain sensitive MQTT topic information...

CVSS 5.5, AI score 5.2
Exploits: 0, References: 2