Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1249182 https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0@%3Cdev.activemq.apache.org%3E
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1248809 https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0@%3Cdev.activemq.apache.org%3E
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Date published : 2017-09-25 https://bugzilla.redhat.com/show_bug.cgi?id=1248804 http://rhn.redhat.com/errata/RHSA-2015-2556.html
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. Date published : 2017-09-25 http://www.securityfocus.com/bid/76625 https://bugzilla.redhat.com/show_bug.cgi?id=1260087
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. Date published : 2017-09-25 http://www.securityfocus.com/archive/1/536058/100/0/threaded https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01–security-notice-for-ca-privileged-access-manager.html
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. Date published : 2017-09-25 http://www.securityfocus.com/archive/1/536058/100/0/threaded...
Multiple hardcoded credentials in Xsuite 2.x. Date published : 2017-09-25 http://www.securityfocus.com/archive/1/536058/100/0/threaded https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01–security-notice-for-ca-privileged-access-manager.html
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. Date published : 2017-09-25 https://access.redhat.com/security/cve/CVE-2015-0238 https://bugzilla.redhat.com/show_bug.cgi?id=1184739
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. Date published : 2017-09-25 http://www.securityfocus.com/bid/98197 https://source.android.com/security/bulletin/2017-05-01
Schneider Electric’s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include...
A vulnerability exists in Schneider Electric’s Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX...
An information disclosure vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. Date...
A vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. Date published : 2017-09-25...
An improper access control vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under...