Red Hat Security Advisory 2012-1542-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. Multiple input validation vulnerabilities were discovered in rubygem-activerecored. A remote attacker could possibly use these flaws to perform an SQL injection attack against an application using rubygem-activerecord. Multiple cross-site scripting flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.
f96ce0acf37d0bdcad39fc2ad186927a862b5bffbd7f653a2b6e60984426c0c4Debian Linux Security Advisory 2511-1 - Several security vulnerabilities have been found in Puppet, a centralized configuration management.
e25085e2d398a35b784003943d6504c9cd06efb0e6a0fb325d9e06e7bbd9a937Ubuntu Security Notice 1506-1 - It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the "Delete" method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. Various other issues were also addressed.
2db822b8deddc568488cbb2592bc0d946bcd94f89af0b800dc6692643cf7a671
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed