2198 matches found

RedHat Linux
added 2021/11/30 9:11 a.m. | 0 views

coreos-installer: restrict access permissions on /boot/ignition{,/config.ign}

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality...

CVSS 5.5 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 5
OpenVAS
added 2021/11/11 12:0 a.m. | 23 views

Mozilla Firefox Security Advisory (MFSA2012-09) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 2.1 | AI score 9.5 | EPSS 0.00289
Exploits: 0 | References: 3
Github Security Blog
added 2021/11/08 6:1 p.m. | 36 views

coreos-installer < 0.10.0 writes world-readable Ignition config to installed system

Impact On systems installed with coreos-installer before 0.10.0, the user-provided Ignition config was written to /boot/ignition/config.ign with world-readable permissions, granting unprivileged users access to any secrets included in the config. Default configurations of Fedora CoreOS and RHEL...

CVSS 5.5 | AI score 6.3 | EPSS 0.00221
Exploits: 0 | References: 8 | Affected Software: 1
Positive Technologies
added 2021/11/08 12:0 a.m. | 2 views

PT-2021-22427 · Unknown · Coreos-Installer

Name of the Vulnerable Software and Affected Versions: coreos-installer versions prior to 0.10.0 Description: A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read...

CVSS 5.5 | AI score 6 | EPSS 0.00221
Exploits: 0 | References: 11
RedhatCVE
added 2021/11/01 10:12 a.m. | 39 views

CVE-2021-3917

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality...

CVSS 5.5 | AI score 3.7 | EPSS 0.00221
Exploits: 0 | References: 4
OPENSUSE Linux
added 2021/10/31 12:0 a.m. | 22 views

Security update for wireguard-tools (moderate)

openSUSE Security Update: Security update for wireguard-tools Announcement ID: openSUSE-SU-2021:1425-1 Rating: moderate References: 1191224 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for wireguard-tools fixes the...

AI score 7.3
Exploits: 0
OpenVAS
added 2021/10/27 12:0 a.m. | 8 views

openSUSE: Security Advisory for wireguard-tools (openSUSE-SU-2021:3527-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
OSV
added 2021/10/26 3:3 p.m. | 2 views

OPENSUSE-SU-2021:3527-1 Security update for wireguard-tools

This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard bsc1191224...

AI score 7.2
Exploits: 0 | References: 2
RedHat Linux
added 2021/10/18 5:45 p.m. | 1 view

coreos-installer: restrict access permissions on /boot/ignition{,/config.ign}

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality...

CVSS 5.5 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 5
OSV
added 2021/09/23 5:15 p.m. | 5 views

CVE-2020-4805

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539...

CVSS 3.3 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 2
Tenable Nessus
added 2021/09/01 12:0 a.m. | 28 views

RHEL 8 : cloud-init (RHSA-2021:3371)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3371 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...

CVSS 5.5 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 5
RedHat Linux
added 2021/08/31 9:24 a.m. | 1 view

cloud-init: randomly generated passwords logged in clear-text to world-readable file

A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00219
Exploits: 0 | References: 4
RedHat Linux
added 2021/08/19 7:17 a.m. | 1 view

jersey: Local information disclosure via system temporary directory

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are...

CVSS 6.2 | AI score 7.1 | EPSS 0.00905
Exploits: 0 | References: 4
RedHat Linux
added 2021/08/17 8:33 a.m. | 2 views

cloud-init: randomly generated passwords logged in clear-text to world-readable file

A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00219
Exploits: 0 | References: 4
OSV
added 2021/08/17 7:23 a.m. | 7 views

OPENSUSE-SU-2021:2682-1 Security update for rpm

This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code bsc1179416 - Added support for enforcing signature policy and payload...

CVSS 7 | AI score 6.3 | EPSS 0.01754
Exploits: 0 | References: 8
Tenable Nessus
added 2021/08/16 12:0 a.m. | 38 views

RHEL 8 : .NET Core 2.1 (RHSA-2021:3145)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3145 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVSS 5.5 | AI score 6.5 | EPSS 0.01237
Exploits: 0 | References: 5
Tenable Nessus
added 2021/08/16 12:0 a.m. | 44 views

RHEL 8 : .NET 5.0 (RHSA-2021:3148)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3148 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVSS 7.5 | AI score 6.6 | EPSS 0.0374
Exploits: 0 | References: 8
Tenable Nessus
added 2021/08/16 12:0 a.m. | 32 views

CentOS 8 : cloud-init (CESA-2021:3081)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:3081 advisory. - cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Note that Nessus has not tested for this issue but has...

CVSS 5.5 | AI score 5.6 | EPSS 0.00219
Exploits: 0 | References: 2
Tenable Nessus
added 2021/08/16 12:0 a.m. | 40 views

RHEL 7 : .NET 5.0 on RHEL 7 (RHSA-2021:3147)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3147 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVSS 7.5 | AI score 6.6 | EPSS 0.0374
Exploits: 0 | References: 8
Tenable Nessus
added 2021/08/16 12:0 a.m. | 36 views

CentOS 8 : .NET 5.0 (CESA-2021:3148)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3148 advisory. - dotnet: ASP.NET Core WebSocket frame processing DoS CVE-2021-26423 - dotnet: Dump file created world-readable CVE-2021-34485 - dotnet: ASP.NET Core J...

CVSS 7.5 | AI score 6.5 | EPSS 0.0374
Exploits: 0 | References: 4