SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. Date published : 2019-11-26 http://www.securityfocus.com/bid/47919 https://bugs.php.net/bug.php?id=47802
lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. Date published : 2019-11-26 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103 https://access.redhat.com/security/cve/cve-2011-1934
SQL injection vulnerability in Jifty::DBI before 0.68. Date published : 2019-11-26 https://metacpan.org/changes/distribution/Jifty-DBI https://access.redhat.com/security/cve/cve-2011-1933
The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS. Date published : 2019-11-26 https://cybersecurityworks.com/zerodays/cve-2015-9539-fastsecure.html https://github.com/amansaini/fast-secure-contact-form
The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. Date published : 2019-11-26 https://cxsecurity.com/issue/WLB-2015080165 https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html
The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. Date published : 2019-11-26 https://cybersecurityworks.com/zerodays/cve-2015-9537-nextgen.html https://github.com/cybersecurityworks/Disclosed/issues/1
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. Date published : 2019-11-26 https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. Date published : 2019-11-26 https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_alalsdfkl4320_lfsk30f__l2k3jfsw34__39
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. Date published : 2019-11-26
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature. Date published : 2019-11-26 https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_210
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. Date published : 2019-11-26 https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles. Date published : 2019-11-26 https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. Date published : 2019-11-26 https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. Date published : 2019-11-26 https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_134