2198 matches found
[SECURITY] [DSA 3634-1] redis security update
Debian Security Advisory DSA-3634-1 [email protected] https://www.debian.org/security/ Sebastien Delafond July 30, 2016 https://www.debian.org/security/faq ...
DLA-577-1 redis - security update
DSA-3634-1 redis - security update
pulp: Node certificate containing private key stored in world-readable file
It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file...
pulp: Insecure temporary file used when generating certificate for Pulp Nodes
It was found that the private key for the node certificate was contained in a world-readable temporary file. A local user could possibly use this flaw to gain access to the private key information in the temporary file...
pulp: Race condition when generating RSA keys for authenticating messages between server and consumers
It was found that the private RSA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file...
pulp: Agent certificate containing private key is stored in world-readable file
It was found that the private key for the agent certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file...
DEBIAN-CVE-2016-3100
kinit in KDE Frameworks before 5.23.0 uses weak permissions 644 for /tmp/xauth-xxx-y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file...
SQLite3 -- Tempdir Selection Vulnerability
KoreLogic security reports: Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', b...
Command Line Certificate Examination Utility: certigo
Certigo is a utility to examine and validate certificates in a variety of formats. Install: to install certigo, simply use: go get -u github.com/square/certigo (note that certigo requires Go 1.6 or later to build). Usage: Certigo can read...
CVE-2016-0910
EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors...
CVE-2016-1581
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors...
CVE-2016-1582
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors...
Design/Logic Flaw
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...
CVE-2016-2142
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...
SMB Share Enumeration
This module determines what shares are provided by the SMB service and which ones are readable/writable. It also collects additional information such as share types, directories, files, time stamps, etc. By default, a RubySMB netshareenumall request is done in order to retrieve share information,...