[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 32052 Download | Alert*

memcached: A high-performance memory object caching system Several security issues were fixed in Memcached.

It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the "certdnsnames" option was used. This could lead to man in the middle attacks

Multiple security issues have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X.509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master ...

The Samba Web Administration Tool contains several cross-site request forgery vulnerabilities and a cross-site scripting vulnerability .

samba: SMB/CIFS file, print, and login server for Unix An attacker could use a malicious URL to reconfigure Samba or steal information.

It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files

It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

Han Han of Red Hat discovered that augeas, a configuration editing tool, improperly handled some escaped strings. A remote attacker could leverage this flaw by sending maliciously crafted strings, thus causing an augeas-enabled application to crash or potentially execute arbitrary code.

augeas: Configuration editing tool Augeas could be made to crash if it received specially crafted input.

Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as the same user as supervisord. The vulnerability has been fixed by disabling nested namespace lookup e ...

Pages:      Start    2833    2834    2835    2836    2837    2838    2839    2840    2841    2842    2843    2844    2845    2846    ..   3205

© SecPod Technologies