CVE-2016-2142
Red Hat OpenShift Enterprise 3.1 is affected by CVE-2016-2142. The issue arises from world-readable permissions on the /etc/origin/master/master-config.yaml file, allowing local users to read Active Directory credentials stored there. The vulnerability is a local-privilege/read-credential disclos...
LXD Path Read Vulnerability
LXD is a container for managing applications on Linux-based systems. LXD fails to properly set permissions when converting the container to privileged mode, allowing a local attacker to exploit the vulnerability to access arbitrary globally readable paths in the container directory...
UBUNTU-CVE-2016-1582
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors...
Pulp Information Disclosure Vulnerability (CNVD-2016-03574)
Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. An information disclosure vulnerability exists in Pulp that stems from a Node certificate being installed in a globally readable form. An attacker ca...
Pulp Private Key Read Vulnerability (CNVD-2016-03572)
Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. A private key read vulnerability exists in Pulp that stems from the fact that the pulp.spec file is globally readable at certain times. An attacker...
openshift: Bind password for AD account is stored in world readable file
An access flaw was discovered in OpenShift; the /etc/origin/master/master-config.yaml configuration file, which could contain Active Directory credentials, was world-readable. A local user could exploit this flaw to obtain authentication credentials from the master-config.yaml file...
Moderate: Red Hat Security Advisory: openshift security update
Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.1. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
openSUSE Security Update : quagga (openSUSE-2016-456)
quagga was updated to fix one security issue. This security issue was fixed: boo770619: /etc/quagga and its contents were world-readable despite containing passwords.
Pulp CA Key Read Vulnerability
Pulp is a free and open source platform for managing repositories of content. A key reading vulnerability exists in Pulp's pulp-gen-ca-certificate script, which originates when the program creates a private key in a globally readable file. A local attacker could exploit the vulnerability to read...
New Relic: https://rpm.newrelic.com/.htaccess file is world readable
Normally, only the web server is allowed to read the .htaccess file, but in this case, it appears that there is a misconfiguration that is causing the contents of the .htaccess located at https://rpm.newrelic.com/.htaccess to become world readable, as you can see from the information below and th...
Fedora 23 : krb5-1.14-6.fc23 (2016-35cee11780)
Fix krb5kdc.log being world-readable by default.
CVE-2015-2012
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file...
CVE-2015-7328
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive...
Design/Logic Flaw
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive...
Design/Logic Flaw
Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program...
keepassx: information disclosure
It was found that XML export function creates hidden XML file containing user passwords in plaintext without warning, when the export is canceled, which may go unnoticed by the user. In this case the password database was exported as the file .xml in the current working directory often $HOME or t...
RedHat Update for openhpi RHSA-2015:2369-01
The remote host is missing an update for the...