dotnet: Dump file created world-readable

.NET Core and Visual Studio Information Disclosure Vulnerability...

dotnet: Dump file created world-readable

.NET Core and Visual Studio Information Disclosure Vulnerability...

Low: Red Hat Security Advisory: .NET Core 2.1 security and bugfix update

An update for .NET Core 2.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

dotnet: Dump file created world-readable

.NET Core and Visual Studio Information Disclosure Vulnerability...

dotnet: Dump file created world-readable

.NET Core and Visual Studio Information Disclosure Vulnerability...

dotnet: Dump file created world-readable

.NET Core and Visual Studio Information Disclosure Vulnerability...

Moderate: Red Hat Security Advisory: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

cloud-init: randomly generated passwords logged in clear-text to world-readable file

A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...

RLSA-2021:3081 Moderate: cloud-init security update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: randomly generated passwords logged in clear-text to...

nginx <= 1.21.1 Information Disclosure Vulnerability

nginx is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...

PYSEC-2021-125

A flaw was found in Ansible where the secret information present in asyncfiles are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower...

PYSEC-2021-125

A flaw was found in Ansible where the secret information present in asyncfiles are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower...

CVE-2021-3532

Removed by vendor...

Krane - Kubernetes RBAC Static Analysis And Visualisation Tool

Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features RBAC Risk rules - Krane...

Important: Red Hat Security Advisory: pki-core:10.6 security update

An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: pki-core:10.6 security update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file CVE-2021-3551 The PKI installer "pkispawn" logs admin credentials into a...

CVE-2021-20575

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278...

CVE-2021-23021

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...

CVE-2021-23021

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...

tripleo-ansible: ansible.log file is visible to unprivileged users

A flaw was found in tripleo-ansible. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality...