
4561 matches found

UbuntuCve
added 2017/11/22 7:29 p.m. | 41 views

CVE-2017-12172

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provid...

CVSS 7.2 | AI score 7 | EPSS 0.00586
Exploits 0 | References 1
Debian CVE
added 2017/11/22 7:0 p.m. | 44 views

CVE-2017-12172

Removed by vendor...

CVSS 7.2 | AI score 6.9 | EPSS 0.00586
Exploits 0
Veracode
added 2017/11/22 12:40 a.m. | 19 views

Authentication Bypass

swauth is vulnerable to authentication bypass. Attackers can take a request token from the log file and use it in the X-Auth-Token header of a new request. The tokens are present in the logs because they are being saved unhashed as a part of a GET URI...

CVSS 9.8 | AI score 9.3 | EPSS 0.08354
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus
added 2017/11/22 12:0 a.m. | 25 views

FreeBSD : cacti -- multiple vulnerabilities (db570002-ce06-11e7-804e-c85b763a2f96)

cacti reports: Changelog: issue1057: CVE-2017-16641 - Potential vulnerability in RRDtool functions; issue1066: CVE-2017-16660 in remoteagent.php logging function; issue1066: CVE-2017-16661 in view log file; issue1071: CVE-2017-16785 in globalsession.php Reflection XSS...

CVSS 9 | AI score 6.3 | EPSS 0.04246
Exploits 4 | References 6
Debian
added 2017/11/21 3:59 p.m. | 21 views

[SECURITY] [DSA 4044-1] swauth security update

Debian Security Advisory DSA-4044-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez November 21, 2017 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 9.6 | EPSS 0.08354
Exploits 0
UbuntuCve
added 2017/11/21 1:29 p.m. | 26 views

CVE-2017-16613

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving unhashed tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allow...

CVSS 9.8 | AI score 7.2 | EPSS 0.08354
Exploits 0 | References 2
PyPA
added 2017/11/21 1:29 p.m. | 7 views

PYSEC-2017-84

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving unhashed tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allow...

CVSS 9.8 | AI score 7.1 | EPSS 0.08354
Exploits 0 | References 6 | Affected Software 1
Prion
added 2017/11/21 1:29 p.m. | 19 views

Authentication flaw

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving unhashed tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allow...

CVSS 7.5 | AI score 9.5 | EPSS 0.08354
Exploits 0 | References 5 | Affected Software 3
OpenVAS
added 2017/11/20 12:0 a.m. | 45 views

Debian: Security Advisory (DSA-4044-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.08354
Exploits 0 | References 4
CNVD
added 2017/11/10 12:0 a.m. | 4 views

VMware AirWatch Console Security Bypass Vulnerability

VMware AirWatch is a console application for the VMware AirWatch Console, a suite of enterprise mobility management solutions from VMware. A security bypass vulnerability exists in VMware AirWatch Console version 9.x prior to 9.2.0. A remote attacker could exploit the vulnerability to write...

CVSS 7.8 | AI score 6.8 | EPSS 0.01259
Exploits 0 | References 1
CNVD
added 2017/11/10 12:0 a.m. | 5 views

Multiple products postgresql-common package elevation of privilege vulnerability

Debian is a free operating system created collaboratively by the Debian Project, with Linux or FreeBSD as its kernel. wheezy, jessie, and unstable are all offshoots of Debian. Ubuntu is a suite of desktop application-oriented GNU/Linux operating systems developed by Canonical and the Ubuntu...

CVSS 7.8 | AI score 6.8 | EPSS 0.00421
Exploits 0 | References 1
Tenable Nessus
added 2017/11/07 12:0 a.m. | 43 views

Fedora 26 : community-mysql (2017-50c790aaed)

A quarter year regular dose of fixed CVE's. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html . rhbz1497694 : Fix owner and perms on log file in post script CVE fixes: rhbz1503701 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-102...

CVSS 7.5 | AI score 6.4 | EPSS 0.04291
Exploits 0 | References 13
Tenable Nessus
added 2017/11/07 12:0 a.m. | 41 views

Fedora 25 : community-mysql (2017-95327e44ec)

A quarter year regular dose of fixed CVE's. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html . rhbz1497694 : Fix owner and perms on log file in post script CVE fixes: rhbz1503701 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-102...

CVSS 7.5 | AI score 6.4 | EPSS 0.04291
Exploits 0 | References 13
CNVD
added 2017/11/02 12:0 a.m. | 3 views

Apache jUDDI Security Bypass Vulnerability

Apache jUDDI is a Java-based, open source application from the Apache Software Foundation (United States) that follows the UDDI standard. A security vulnerability exists in versions of Apache jUDDI prior to 2.0. An attacker can exploit the vulnerability to forge entries in log files...

CVSS 5.3 | AI score 6.8 | EPSS 0.03628
Exploits 0 | References 1
CVE
added 2017/10/30 4:0 p.m. | 42 views

CVE-2009-1197

CVE-2009-1197 concerns Apache jUDDI prior to 2.0, where an error in logging keys via uddiget.jsp can allow an attacker to spoof entries in log files. The affected component is the logging path tied to uddiget.jsp; the underlying issue is log spoofing through error logging of keys. The published d...

CVSS 5.3 | AI score 5 | EPSS 0.03628
Exploits 0 | References 3 | Affected Software 1
Prion
added 2017/10/26 8:29 p.m. | 16 views

Default credentials

Before Thornberry NDoc version 8.0, laptop clients and the server have default database Cache users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devic...

CVSS 10 | AI score 9.3 | EPSS 0.01412
Exploits 0 | References 1 | Affected Software 1
NVD
added 2017/10/26 8:29 p.m. | 14 views

CVE-2017-15366

Before Thornberry NDoc version 8.0, laptop clients and the server have default database Cache users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devic...

CVSS 10 | AI score 9.5 | EPSS 0.01412
Exploits 0 | References 1
Cvelist
added 2017/10/26 8:0 p.m. | 19 views

CVE-2017-15366

Before Thornberry NDoc version 8.0, laptop clients and the server have default database Cache users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devic...

AI score 9.5 | EPSS 0.01412
Exploits 0 | References 1
CVE
added 2017/10/26 8:0 p.m. | 45 views

CVE-2017-15366

Thornberry NDoc before version 8.0 stores default Cache database credentials with a single password that is written to a plaintext log during laptop client installation. If an attacker obtains this password (even without local access), they can gain full admin/system access to the affected client...

CVSS 10 | AI score 9.3 | EPSS 0.01412
Exploits 0 | References 1 | Affected Software 1
OSV
added 2017/10/24 9:29 p.m. | 4 views

CVE-2017-1210

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850...

CVSS 7.5 | AI score 5.8 | EPSS 0.01408
Exploits 0 | References 2