ATTENTION‼ New - CVE-2015-4457 (cloudera_manager)
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
ATTENTION‼ New - CVE-2015-3406
via "National Vulnerability Database".
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
ATTENTION‼ New - CVE-2015-2060
via "National Vulnerability Database".
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
ATTENTION‼ New - CVE-2015-1855
via "National Vulnerability Database".
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
ATTENTION‼ New - CVE-2015-0837
via "National Vulnerability Database".
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
ATTENTION‼ New - CVE-2014-9356
via "National Vulnerability Database".
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
ATTENTION‼ New - CVE-2014-3591
via "National Vulnerability Database".
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
ATTENTION‼ New - CVE-2013-7484
via "National Vulnerability Database".
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
ATTENTION‼ New - CVE-2013-4410
via "National Vulnerability Database".
ReviewBoard: has an access-control problem in REST API
ATTENTION‼ New - CVE-2012-5562
via "National Vulnerability Database".
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
ATTENTION‼ New - CVE-2012-4576
via "National Vulnerability Database".
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
ATTENTION‼ New - CVE-2012-4526
via "National Vulnerability Database".
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
ATTENTION‼ New - CVE-2012-4525
via "National Vulnerability Database".
piwigo has XSS in password.php
🕴 Leveraging the Cloud for Cyber Intelligence 🕴
via "Dark Reading".
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
ATTENTION‼ New - CVE-2013-2228
via "National Vulnerability Database".
SaltStack RSA Key Generation allows remote users to decrypt communications
ATTENTION‼ New - CVE-2013-2106
via "National Vulnerability Database".
webauth before 4.6.1 has authentication credential disclosure
ATTENTION‼ New - CVE-2013-2103
via "National Vulnerability Database".
OpenShift cartridge allows remote URL retrieval
ATTENTION‼ New - CVE-2013-2101
via "National Vulnerability Database".
Katello has multiple XSS issues in various entities
ATTENTION‼ New - CVE-2012-4480
via "National Vulnerability Database".
mom creates world-writable pid files in /var/run
ATTENTION‼ New - CVE-2012-4428
via "National Vulnerability Database".
openslp: SLPIntersectStringList() function has a DoS vulnerability