PT-2016-5666 · Red Hat · Red Hat OpenShift Enterprise
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise versions 3.1 through 3.2
Description: The issue arises from improper validation of the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod. This allows remot...
CVE-2016-3703
An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in t...
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
Mpay24 PrestaShop Payment Module Multiple Vulnerabilities · Affected Vendor: Mpay24 · Affected Software: Mpay24 Payment Module · Affected Version: 1.5 and earlier · Issue Type: SQL injection and information disclosure · Notification Date: 10 February 2014 · Release Date: 03 September...
CVE-2014-5247
The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information...
CVE-2014-5247
Ganeti 2.10.0 prior to 2.10.7 and 2.11.0 prior to 2.11.5 are affected by CVE-2014-5247. The vulnerability arises from the _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py, which stores the configuration backup with world-readable permissions. This exposure allows local user...