4 matches found
EFB vulnerability in Lufthansa’s Lido eRouteManual
Almost all commercial airlines now use electronic flight bags (EFBs) to drive efficiency and safety in their operations. We’ve been testing the security of EFBs and their apps; here are our latest findings. TL;DR: Many airlines use Lufthansa Systems Lido eRoute Manual for their EFB approach plates. We...
Write access to the catalog for any user when restricted-admin role is enabled in Rancher
Impact: This vulnerability only affects customers using the restricted-admin role in Rancher. For this role to be active, Rancher must be bootstrapped with the environment variable CATTLE_RESTRICTED_DEFAULT_ADMIN=true or the configuration flag restrictedAdmin=true. A flaw was discovered in Rancher...
CVE-2015-4989
CVE-2015-4989 is an information-disclosure vulnerability in IBM Tealeaf Customer Experience portals. The IBM advisory and related IBM Tealeaf bulletins confirm that the issue affects IBM Tealeaf CX products from versions 8.0 through 9.0.2 (including 9.0.2A and earlier 9.x releases) and allows an ...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in...