Vulnerabilities
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2017-03-23 | CVE-2015-5729 | Information Exposure vulnerability in Samsung products: The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generates weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack. | 9.8 |
2017-03-23 | CVE-2015-4166 | Key Management Errors vulnerability in Cloudera KEY Trustee Server 5.4.2: Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. | 9.8 |
2017-03-23 | CVE-2015-4078 | Information Exposure vulnerability in Cloudera Manager and Navigator: Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 3.1 |
2017-03-23 | CVE-2015-2263 | Permissions, Privileges, and Access Controls vulnerability in Cloudera Manager: Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. | 3.3 |
2017-03-23 | CVE-2015-0855 | Code Injection vulnerability in Pitivi 0.94: The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | 9.8 |
2017-03-23 | CVE-2014-0229 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | 6.5 |
2017-03-23 | CVE-2013-6446 | Permissions, Privileges, and Access Controls vulnerability in Cloudera CDH: The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. | 3.1 |
2017-03-23 | CVE-2017-7242 | Cross-site Scripting vulnerability in Slims Slims7 Cendana 20170323/62B8Ee8B51Be89Fc65E0D59B01C3724737F9Da20: Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. | 6.1 |
2017-03-23 | CVE-2016-9557 | Integer Overflow or Wraparound vulnerability in Jasper Project Jasper: Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file. | 5.5 |
2017-03-23 | CVE-2016-9556 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | 5.5 |