Red Hat Security Advisory 2012-1542-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. Multiple input validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform an SQL injection attack against an application using rubygem-activerecord. Multiple cross-site scripting flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.
f96ce0acf37d0bdcad39fc2ad186927a862b5bffbd7f653a2b6e60984426c0c4
Gentoo Linux Security Advisory 201208-2 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.13 are affected.
34e2e5b7d34db5d93643e67dcebb7c67afd870204a7c4b3718e99acee2ae0d8b
Debian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.
35b59b4216bedd63d45392644a9587d40ba5845a85bf2717988463a587882a20
Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.
b321c92d30665135abf19544c4c759a8dc26d73f6d998793727b56e0115999ac