Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-27 | CVE-2011-2569 | Permissions, Privileges, and Access Controls vulnerability in Cisco products: Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. | 6.8 |
2011-10-27 | CVE-2011-3872 | Improper Input Validation vulnerability in multiple products: Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability." | 2.6 |
2011-10-27 | CVE-2011-3871 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. | 6.2 |
2011-10-27 | CVE-2011-3870 | Link Following vulnerability in multiple products: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | 6.3 |
2011-10-27 | CVE-2011-3869 | Link Following vulnerability in multiple products: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | 6.3 |
2011-10-27 | CVE-2011-3848 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25. | 5.0 |
2011-10-24 | CVE-2011-4173 | Cross-Site Request Forgery (CSRF) vulnerability in Simplemachines SMF 2.0: Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. | 6.8 |
2011-10-24 | CVE-2011-4172 | Cross-Site Scripting vulnerability in Kent-Web web Forum: Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984. | 4.3 |
2011-10-24 | CVE-2011-4171 | Cross-Site Scripting vulnerability in IBM Websphere Ilog Rule Team Server 7.1.1: Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp. | 4.3 |
2011-10-24 | CVE-2011-3984 | Cross-Site Scripting vulnerability in Kent-Web web Forum: Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "web form entries." | 4.3 |