PT-2025-38576

Name of the Vulnerable Software and Affected Versions: Cloudflare Vite plugin versions prior to 1.6.0 Description: The Cloudflare Vite plugin, when used with its default configuration, exposes files from the root directory via the local development server. This includes sensitive files such as .e...

rear: creates a world-readable initrd

A vulnerability has been identified in Relax-and-Recover ReaR, where the use of GRUBRESCUE=y results in the creation of an initrd that is readable by anyone. This flaw could potentially enable local attackers to obtain access to system secrets that are typically restricted to root privileges...

Medium: rear

Issue Overview: Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301 Affected Packages: rear Note: This advisory is applicable to Amazon Linux 2...

DEBIAN-CVE-2024-23301

Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root...

UBUNTU-CVE-2024-23301

Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root...

PT-2024-1137

Name of the Vulnerable Software and Affected Versions Relax-and-Recover aka ReaR versions 2.7 and earlier Description The issue is related to information disclosure. It allows local attackers to gain access to system secrets that are otherwise only readable by root. This occurs when using GRUB...