1683 matches found
MiracleLinux 9 : rpm-ostree-2024.3-3.el9_4 (AXSA:2024-8423:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8423:04 advisory. rpm-ostree: world-readable /etc/shadow file 9.4.z JIRA:RHEL-31852 CVE-2024-2905 A security vulnerability has been discovered within rpm-ostree, pertaining to...
MiracleLinux 9 : rear-2.6-21.el9_3.ML.1 (AXSA:2024-7585:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7585:02 advisory. rear: creates a world-readable initrd CVE-2024-23301 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 8 : rear-2.6-11.el8_9.ML.1 (AXSA:2024-7666:06)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7666:06 advisory. rear: creates a world-readable initrd CVE-2024-23301 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 8 : cloud-init-20.3-10.el8.5 (AXSA:2021-2312:08)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2312:08 advisory. cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Tenable has extracted the preceding description block...
MiracleLinux 8 : dotnet-2.1.525-1.el8.ML.1 (AXSA:2021-2361:07)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2361:07 advisory. dotnet: Dump file created world-readable CVE-2021-34485 Default inclusions for applications built with .NET Core have been updated to reference the newest...
MiracleLinux 8 : dotnet3.1-3.1.118-1.el8.ML.1 (AXSA:2021-2354:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2354:08 advisory. dotnet: ASP.NET Core WebSocket frame processing DoS CVE-2021-26423 dotnet: Dump file created world-readable CVE-2021-34485 dotnet: ASP.NET Core JWT...
MiracleLinux 4 : dracut-004-336.AXS4.2 (AXSA:2014-007:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-007:01 advisory. dracut is a new, event-driven initramfs infrastructure based around udev. Security issues fixed with this release: CVE-2012-4453 dracut.sh in dracut creates...
MiracleLinux 4 : libguestfs-1.16.19-1.0.1.AXS4 (AXSA:2012-585:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-585:02 advisory. Libguestfs is a library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests,...
Astra Linux – Vulnerability in libvirt
A flaw was discovered in libvirt. External inactive snapshots of shut-down virtual machines are created as being accessible to everyone on the network, allowing unprivileged users to inspect the contents of the guest operating systems. This leads to an information disclosure vulnerability...
CVE-2016-10819
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd SEC-125...
SUSE-SU-2026:20050-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2025-13193: external inactive snapshots for shut-down VMs that are incorrectly created as world-readable allow unprivileged users to inspect guest OS contents bsc1253703. - CVE-2025-12748: parsing of user-provided XM...
CVE-2017-18424
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt SEC-274...
CVE-2017-18428
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing SEC-290...
CVE-2011-0178
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory...
CVE-1999-0712
A vulnerability in Caldera Open Administration System COAS allows the /etc/shadow password file to be made world-readable...
CVE-2019-16061
A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...
Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-993329)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993329 advisory. A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to...
OESA-2025-2894 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are...
OESA-2025-2893 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are...
[SECURITY] [DLA 4400-1] rear security update
Debian LTS Advisory DLA-4400-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert December 10, 2025 https://wiki.debian.org/LTS Package : rear Version : 2.6+dfsg-1+deb11u1 CVE ID : CVE-2024-23301 Debian Bug : 1060747 It has been discovered that Relax-and-Recover aka...