
2198 matches found

CNNVD
added 2021/05/10 12:0 a.m. · 4 views

Red Hat Ansible Information Disclosure Vulnerability

Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and organize computer systems. An information disclosure vulnerability exists in Red Hat Ansible. When a user changes the jobdir to a world-readable...

AI score 5.4
Exploits 0 · References 3
Positive Technologies
added 2021/05/06 12:0 a.m. · 5 views

PT-2021-19593 · Red Hat · Tripleo-Ansible

Name of the Vulnerable Software and Affected Versions: tripleo-ansible version as shipped in Red Hat Openstack 16.1 Description: A flaw was found in the software, where the Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to...

CVSS 7.5 · AI score 7.4 · EPSS 0.00998
Exploits 0 · References 2
OSV
added 2021/04/30 4:15 p.m. · 1 views

CVE-2020-4039

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...

CVSS 9.1 · AI score 7.3 · EPSS 0.01371
Exploits 0 · References 1
CNNVD
added 2021/04/29 12:0 a.m. · 3 views

tripleo-ansible Information Disclosure Vulnerability

tripleo-ansible is an application. Ansible scripts, roles and plugins for TripleO. An information disclosure vulnerability exists in tripleo-ansible. The vulnerability stems from the Ansible log file being readable to all users during stack updates and creation...

CVSS 7.5 · AI score 7.2 · EPSS 0.00998
Exploits 0 · References 4
OpenVAS
added 2021/04/19 12:0 a.m. · 18 views

SUSE: Security Advisory (SUSE-SU-2018:0507-1)

The remote host is missing an update for the...

CVSS 7 · AI score 7.2 · EPSS 0.00491
Exploits 0 · References 5
OSV
added 2021/03/30 4:23 p.m. · 2 views

GHSA-F4JH-WW96-9H9J Netflix/Priam: Temporary Directory Information Disclosure

Impact: When File.createTempFile creates a file, the permissions on that file are -rw-r--r--. This means that other users can read the contents of these files after they are written, although they cannot modify the contents. This allows for local information disclosure if these files contain...

CVSS 6.2 · AI score 6.1 · EPSS 0.00259
Exploits 0 · References 1
Veracode
added 2021/03/20 8:16 a.m. · 2 views

Information Disclosure

cloud-init is vulnerable to Information Disclosure. When a user specifies configuration that would generate random passwords for users, cloud-init causes those passwords to be written to the serial console by emitting them on stderr. In the default configuration, any stdout or stderr emitted by...

CVSS 5.5 · AI score 6.5 · EPSS 0.00219
Exploits 0 · References 2 · Affected Software 5
Amazon
added 2021/03/20 12:0 a.m. · 44 views

Medium: cloud-init

Issue Overview: A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the...

CVSS 5.5 · AI score 5.8 · EPSS 0.00438
Exploits 0
Amazon
added 2021/03/20 12:0 a.m. · 34 views

Medium: cloud-init

Issue Overview: A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk. CVE-2021-3429 Affected Packages:...

CVSS 5.5 · AI score 5.6 · EPSS 0.00219
Exploits 0
IBM Security Bulletins
added 2021/03/09 6:38 p.m. · 17 views

Security Bulletin: IBM Verify Gateway PAM components do not set restricted access permission for debug logs (CVE-2020-4405)

Summary: To debug the IBM Verify Gateway (IVG) PAM components, customers can add "trace-file" parameters in the PAM configuration so that .log files are written to the /tmp directory. These debug logs potentially contain sensitive information, and yet they default to world-readable. They should have...

CVSS 4.3 · AI score 0.5 · EPSS 0.00922
Exploits 0 · Affected Software 1
Tenable Nessus
added 2021/02/11 12:0 a.m. · 15 views

Debian DSA-4850-1 : libzstd - security update

It was discovered that zstd, a compression utility, temporarily exposed a world-readable version of its input even if the original file had restrictive permissions. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

AI score 5.4
Exploits 0 · References 4
Debian
added 2021/02/10 7:3 a.m. · 75 views

[SECURITY] [DSA 4850-1] libzstd security update

Debian Security Advisory DSA-4850-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
February 10, 2021 https://www.debian.org/security/faq
...

AI score 6.8
Exploits 0
Fedora
added 2021/02/10 1:20 a.m. · 46 views

[SECURITY] Fedora 33 Update: czmq-4.2.1-1.fc33

CZMQ has the following goals: (i) To wrap the ØMQ core API in semantics that are natural and lead to shorter, more readable applications. (ii) To hide the differences between versions of ØMQ. (iii) To provide a space for development of more sophisticated API semantics...

AI score 2.9
Exploits 0
OSV
added 2021/02/03 5:15 p.m. · 2 views

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...

CVSS 7.1 · AI score 5.9
Exploits 0 · References 1
OSV
added 2021/02/03 5:15 p.m. · 3 views

CVE-2021-25275

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login...

CVSS 7.8 · AI score 7.3 · EPSS 0.00593
Exploits 1 · References 1
CNNVD
added 2021/02/03 12:0 a.m. · 4 views

SolarWinds Serv-U FTP Server Authorization Issues Vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the US-based SolarWinds Corporation. A security vulnerability exists in SolarWinds Serv-U before 15.2.2 Hotfix 1, which stems from a directory containing a user configuration file which includes a user's password...

CVSS 7.1 · AI score 7.2 · EPSS 0.00468
Exploits 1 · References 2
Amazon
added 2021/01/26 12:0 a.m. · 25 views

Medium: targetcli

Issue Overview: An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup...

CVSS 5.5 · AI score 5.4 · EPSS 0.00335
Exploits 0
BDU FSTEC
added 2020/12/29 12:0 a.m. · 1 views

The vulnerability of the SCADA system MasterSCADA, related to the storage of passwords in a decipherable format, allows an intruder to decrypt the protected control project.

The vulnerability of the SCADA system MasterSCADA relates to the storage of passwords in a readable format. Exploiting this vulnerability could allow an attacker to decrypt the passwords and access the protected project...

CVSS 4 · AI score 5.5
Exploits 0 · Affected Software 1
RedHat Linux
added 2020/12/15 3:3 p.m. · 2 views

targetcli: weak permissions for /etc/target and backup files

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...

CVSS 5.5 · AI score 5.8 · EPSS 0.00335
Exploits 0 · References 4
ATTACKERKB
added 2020/12/15 12:0 a.m. · 2 views

CVE-2020-4906

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system...

CVSS 4 · AI score 5.4 · EPSS 0.0032
Exploits 0 · References 3 · Affected Software 1