125 matches found
CVE-2015-3162
CVE-2015-3162 affects Beaker 20.1 in the Beaker project. Description: a Cross-site scripting (XSS) vulnerability in the edit comment dialog (bkr/server/widgets.py) enables remote authenticated users to inject arbitrary web script or HTML by writing a crafted comment on an acknowledged or nacked c...
CVE-2015-3160
CVE-2015-3160 relates to an XML external entity (XXE) vulnerability in Beaker’s Beaker project, specifically in the bkr/server/jobs.py module. Before version 20.1, remote authenticated users can submit job XML containing entity references that reference files on the Beaker server’s filesystem, po...
CVE-2015-3161
The CVE affects Beaker prior to version 20.1. The search bar code in bkr/server/widgets.py fails to escape tags in string literals when producing JSON, enabling potential cross‑site/script injection via JSON output. The Beaker vulnerability is described consistently across sources (NVD/NVD-deriv...
Beaker XXE Attack Information Disclosure Vulnerability
Beaker is a suite of open source software used to manage and automate test computers in laboratories. There is a security vulnerability in the handling of external entity extensions in Beaker job xml that allows remote attackers to exploit the vulnerability to conduct XXE attacks and obtain...
Beaker HTML Injection Vulnerability
Beaker is a suite of open source software used to manage and automate test computers in laboratories. Beaker in the processing of "edit comment" in the data lack of correct HTML escaping , allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code , when...
Beaker Incorrect Label Escape Vulnerability
Beaker is a suite of open source software used to manage and automate test computers in laboratories. Beaker fails to properly escape tags in the search bar when generating JSON, allowing remote attackers to exploit vulnerabilities to inject malicious script or HTML code that can obtain sensitive...
Beaker Security Bypass Vulnerability
Beaker is a suite of open source software used to manage and automate test computers in laboratories. A security bypass vulnerability exists in Beaker. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations...
[SECURITY] [DSA 2541-1] beaker security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2541-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 07, 2012 http://www.debian.org/security/faq -...
Beaker information leakage
Information leakage in AES ECB mode...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
DEBIAN-CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
UBUNTU-CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
PYSEC-2012-1
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
PYSEC-2012-1
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
Code injection
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
CVE-2012-3458
CVE-2012-3458 affects Beaker prior to 1.6.4, where sessions encrypted with PyCrypto use AES in ECB mode. The ECB usage can allow remote attackers to obtain portions of sensitive session data via unspecified vectors. All connected sources corroborate that Beaker before 1.6.4 is vulnerable to this ...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...