37 matches found
CentOS 8 : virt:rhel (CESA-2019:1268)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:1268 advisory. - libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132 Note that Nessus has not tested for this issue but has...
php: File rename across filesystems may allow unwanted access during processing
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
MGASA-2019-0390 Updated libvirt packages fix security vulnerabilities
Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...
Updated libvirt packages fix security vulnerabilities
Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...
php: File rename across filesystems may allow unwanted access during processing
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
CVE-2019-3688 squid: /usr/sbin/pinger packaged with wrong permission
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain...
CVE-2019-4236
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List ACL entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to...
CVE-2019-2257
Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W,...
CVE-2019-2257
Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W,...
RHEL 8 : Advanced Virtualization (RHSA-2019:1455)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1455 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...
Information Disclosure
Red Hat Satellite is vulnerable to information disclosure. This is because the pulp-qpid-ssl-cfg script creates certificate files and NSS database files in a world-readable temporary directory rather than permanent installation directory with wrongly assigned permissions which will be corrected...
Mandriva Update for heartbeat MDVA-2010:160-1 (heartbeat)
Check for the Version of heartbeat OpenVAS Vulnerability Test Mandriva Update for heartbeat MDVA-2010:160-1 heartbeat Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
MDVA-2010:160-1 : heartbeat
The heartbeat package in the 2010.0 release had wrong permissions and ownership for /usr/bin/clstatus this prevented it from working correctly. Also when peers were outdated heartbeat didn't failover gracefully. This update fixes both these issues. Update: Packages for 2009.0 and MES5 were missin...
Mandriva Update for heartbeat MDVA-2010:160 (heartbeat)
Check for the Version of heartbeat OpenVAS Vulnerability Test Mandriva Update for heartbeat MDVA-2010:160 heartbeat Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Mandriva Update for heartbeat MDVA-2010:160 (heartbeat)
Check for the Version of heartbeat OpenVAS Vulnerability Test Mandriva Update for heartbeat MDVA-2010:160 heartbeat Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CVE-2007-4563
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...
Debian DSA-830-1 : ntlmaps - wrong permissions
Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorisation proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local...