Lucene search
+L

37 matches found

Tenable Nessus
Tenable Nessus
added 2021/01/29 12:0 a.m.34 views

CentOS 8 : virt:rhel (CESA-2019:1268)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:1268 advisory. - libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132 Note that Nessus has not tested for this issue but has...

8.8CVSS7.5AI score0.01411EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/04/28 4:8 p.m.6 views

php: File rename across filesystems may allow unwanted access during processing

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

7.5CVSS7.2AI score0.07347EPSS
Exploits0References4
OSV
OSV
added 2019/12/15 6:3 p.m.7 views

MGASA-2019-0390 Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...

8.8CVSS6.6AI score0.01411EPSS
Exploits1References6
Mageia
Mageia
added 2019/12/15 6:3 p.m.61 views

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...

8.8CVSS7.1AI score0.01411EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2019/11/01 1:3 p.m.7 views

php: File rename across filesystems may allow unwanted access during processing

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

7.5CVSS7.2AI score0.07347EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/10/07 2:0 p.m.29 views

CVE-2019-3688 squid: /usr/sbin/pinger packaged with wrong permission

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain...

5.1CVSS7.2AI score0.00336EPSS
Exploits0References4
OSV
OSV
added 2019/07/22 2:15 p.m.4 views

CVE-2019-4236

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List ACL entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to...

4.4CVSS5.8AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2019/06/14 5:29 p.m.25 views

CVE-2019-2257

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W,...

7.8CVSS7.7AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/06/14 5:2 p.m.22 views

CVE-2019-2257

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W,...

7.7AI score0.00182EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/06/13 12:0 a.m.63 views

RHEL 8 : Advanced Virtualization (RHSA-2019:1455)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1455 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...

8.8CVSS7.1AI score0.01553EPSS
Exploits0References13
Veracode
Veracode
added 2019/05/16 2:19 a.m.19 views

Information Disclosure

Red Hat Satellite is vulnerable to information disclosure. This is because the pulp-qpid-ssl-cfg script creates certificate files and NSS database files in a world-readable temporary directory rather than permanent installation directory with wrongly assigned permissions which will be corrected...

5.5CVSS6.4AI score0.03213EPSS
Exploits0References108Affected Software53
OpenVAS
OpenVAS
added 2010/10/19 12:0 a.m.10 views

Mandriva Update for heartbeat MDVA-2010:160-1 (heartbeat)

Check for the Version of heartbeat OpenVAS Vulnerability Test Mandriva Update for heartbeat MDVA-2010:160-1 heartbeat Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

0.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/10/12 12:0 a.m.12 views

MDVA-2010:160-1 : heartbeat

The heartbeat package in the 2010.0 release had wrong permissions and ownership for /usr/bin/clstatus this prevented it from working correctly. Also when peers were outdated heartbeat didn't failover gracefully. This update fixes both these issues. Update: Packages for 2009.0 and MES5 were missin...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2010/06/11 12:0 a.m.11 views

Mandriva Update for heartbeat MDVA-2010:160 (heartbeat)

Check for the Version of heartbeat OpenVAS Vulnerability Test Mandriva Update for heartbeat MDVA-2010:160 heartbeat Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

0.3AI score
Exploits0References2
OpenVAS
OpenVAS
added 2010/06/11 12:0 a.m.13 views

Mandriva Update for heartbeat MDVA-2010:160 (heartbeat)

Check for the Version of heartbeat OpenVAS Vulnerability Test Mandriva Update for heartbeat MDVA-2010:160 heartbeat Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

0.2AI score
Exploits0References2
NVD
NVD
added 2007/08/28 1:17 a.m.20 views

CVE-2007-4563

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...

4.4CVSS6.5AI score0.00284EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2005/10/05 12:0 a.m.27 views

Debian DSA-830-1 : ntlmaps - wrong permissions

Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorisation proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local...

2.1CVSS5.3AI score0.00364EPSS
Exploits0References2
Rows per page
Query Builder