159 matches found
Design/Logic Flaw
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...
CVE-2015-7945
The CVE-2015-7945 entry describes a vulnerability in Ganeti’s RESTful control interface (RAPI/ganeti-rapi) affecting multiple release streams: 2.9.x prior to 2.9.7, 2.10.x prior to 2.10.8, 2.11.x prior to 2.11.8, 2.12.x prior to 2.12.6, 2.13.x prior to 2.13.3, 2.14.x prior to 2.14.2, and 2.15.x p...
[ASA-201610-7] wpa_supplicant: multiple issues
Arch Linux Security Advisory ASA-201610-7
Severity: High
Date: 2016-10-08
CVE-ID: CVE-2016-4476 CVE-2016-4477
Package: wpa_supplicant
Type: multiple issues
Remote: Yes
Link: https://wiki.archlinux.org/index.php/CVE
Summary: The package...
UBUNTU-CVE-2014-9875
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310...
Ganeti RESTful Control Interface Denial of Service Vulnerability
Ganeti is a suite of virtual machine management software based on Xen Virtual Machine Manager and other open source software. The software supports Xen virtualization technology, disk management and more. A denial of service vulnerability exists in Ganeti. A remote attacker could exploit this...
Design/Logic Flaw
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...
CVE-2014-3440
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...
RedHat Update for qemu-kvm RHSA-2014:0704-01
The remote host is missing an update for the...
Dell TrueMobile 2300 Remote Credential Reset Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an...
CVE-2014-0680
Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038...
Cisco Identity Services Engine HTTP Control Interface for NAC Web Agent Cross-Site Scripting Vulnerability
A vulnerability in the HTTP control interface for NAC Web Agent of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...
kernel: drivers/scsi/mpt2sas: prevent heap overflows
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from...
[Full-disclosure] Secunia Research: Motion "read_client()" HTTP Request Buffer Overflow
Secunia Research 23/06/2008 - Motion "read_client()" HTTP Request Buffer Overflow - Table of Contents Affected...
CVE-2008-2654
Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and...