CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3684 – susemanager installer creates world-readable swap files
https://notcve.org/view.php?id=CVE-2019-3684
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem SUSE Manager hasta la versión 4.0.7 y Uyuni hasta la confirmación 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade crearon archivos swap con permisos de lectura global en sistemas que no tienen un swap ya configurado y no tienen btrfs como sistema de archivos. • https://bugzilla.suse.com/show_bug.cgi?id=1131954 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7995
https://notcve.org/view.php?id=CVE-2017-7995
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. Xen PV guest anterior a Xen 4.3 chequea los permisos de acceso a los rangos MMIO sólo después de acceder a ellos, lo que permite leer en un dispositivo de memoria PCI, dando lugar a la divulgación de información. Se trata de un error en la función get_user. • http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html http://www.securityfocus.com/bid/98314 https://bugzilla.suse.com/show_bug.cgi?id=1033948 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4949
https://notcve.org/view.php?id=CVE-2016-4949
Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. Cloudera Manager 5.5 y versiones anteriores permite a atacantes remotos obtener información sensible a través de un valor (1) stderr.log o (2) stdout.log en el parámetro filename para /cmf/process//logs. • http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf http://www.securityfocus.com/bid/93882 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4950
https://notcve.org/view.php?id=CVE-2016-4950
Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. Cloudera Manager 5.5 y versiones anteriores permite a atacantes remotos enumerar sesiones de usuario a través de una solicitud a /api/v11/users/sessions. • http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf http://www.securityfocus.com/bid/93879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4948
https://notcve.org/view.php?id=CVE-2016-4948
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. Múltiples vulnerabilidades de XSS en Cloudera Manager 5.5 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de los campos (1) Template Name cuando renombra una plantilla; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) para la sección [libdefaults] de krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) para el Default Realm en krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) para el restante krb5.conf, o (8) Active Directory Account Prefix en el asistente de Kerberos; o (9) el parámetro classicWizard para cmf/cloudera-director/redirect. • http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf http://www.securityfocus.com/bid/93878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •