Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. Date published : 2016-04-11 https://puppetlabs.com/security/cve/cve-2015-7330 http://www.securitytracker.com/id/1034550
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that...
The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to...
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary...
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. Date published :...
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users...
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. Date published : 2016-04-11 http://www.securityfocus.com/bid/76221 https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. Date published : 2016-04-11 http://www.securityfocus.com/bid/76208...
Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. Date published : 2016-04-11 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-switch-en
Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network. Date published : 2016-04-11 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-dongle-en
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases. Date published : 2016-04-11 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160325-01-policycenter-en
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. Date published : 2016-04-11 http://www.securityfocus.com/bid/85806 http://seclists.org/fulldisclosure/2016/Apr/4
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a...
Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. Date published :...