21 matches found
EUVD-2017-16948
Malware in sbrugna...
RHEL 7 : openstack-octavia (RHSA-2019:0593)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0593 advisory. The OpenStack Load Balancing service (openstack-octavia) provides a Load Balancing-as-a-Service (LBaaS) version 2 implementation for Red Hat OpenStack...
UBUNTU-CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
Default credentials
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
SUSE CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
Important: Red Hat Security Advisory: pki-core:10.6 security update
An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: pki-core:10.6 security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file (CVE-2021-3551). The PKI installer "pkispawn" logs admin credentials into a...
Medium: cloud-init
Issue Overview: A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the...
Design/Logic Flaw
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world-readable log files. IBM X-Force ID: 179484...
CVE-2013-1771
The web server Monkeyd produces a world-readable log /var/log/monkeyd/master.log on Gentoo...
CVE-2019-3891
It was discovered that a world-readable log file belonging to the Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching...
Information disclosure
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290...
PT-2013-1900 · Red Hat · Red Hat Enterprise Virtualization Manager
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager versions 3.1 and earlier Description: The issue affects the domain management tool, specifically when the validate action is enabled, causing the administrative password to be logged to a world-readab...
katello: pulp admin password logged in plaintext in world-readable katello/production.log
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log...
MySQL < 3.22 Readable Logs
The version of MySQL installed on the remote host reportedly creates world-readable log files, thus allowing local users to get sensitive information, such as the passwords for newly created users.
AuditWizard information leak
Administrator password is logged into world-readable log file...
CVE-2002-1470
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable scserv.log file...