28 matches found
EUVD-2018-18266
Malware in sbrugna...
EUVD-2018-1048
Malware in sbrugna...
EUVD-2015-5636
Malware in sbrugna...
CVE-2019-10695
When using the cd4pe::rootconfiguration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module...
Cross site request forgery (csrf)
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF Cross-Site Request Forgery attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session...
April 9, 2019—KB4493458 (Security-only update)
April 9, 2019—KB4493458 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Addresses an issue in which netdom.exe fails to run, and the error, “The command failed to complete successfully” appears. Addresses an issue that may cause...
April 9, 2019—KB4493450 (Security-only update)
April 9, 2019—KB4493450 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Addresses an issue that may cause applications that use MSXML6 to stop responding if an exception was thrown during node operations. Addresses an issue that...
April 9, 2019—KB4493471 (Monthly Rollup)
April 9, 2019—KB4493471 Monthly Rollup Customers who have applied KB 4489887 or later Monthly Rollup Packages to Microsoft Server 2008 SP2 may notice a change to the operating system version string. The “build number” component of the version string increases by 1, and the revision number decreas...
Cisco AppDynamics App iQ Platform SQL Injection Vulnerability
Cisco AppDynamics App iQ Platform is a real-time application and business performance monitoring solution from Cisco. A SQL injection vulnerability exists in the Enterprise Console in versions prior to Cisco AppDynamics App iQ Platform 4.4.3.10598 HF4. A remote attacker could exploit the...
Sql injection
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 HF4 allows SQL injection, aka the Security Advisory 2089 issue...
CVE-2018-0225
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 HF4 allows SQL injection, aka the Security Advisory 2089 issue...
CVE-2018-0225
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 HF4 allows SQL injection, aka the Security Advisory 2089 issue...
CVE-2018-0225
CVE-2018-0225 concerns the Cisco AppDynamics App iQ Platform Enterprise Console, vulnerable in versions prior to 4.4.3.10598 (HF4). The connected sources specify a SQL injection vulnerability in the Enterprise Console, with a CVSSv3 base score of 9.8 (CRITICAL) and CVSSv2 base score of 7.5 (HIGH)...
CVE-2018-0225
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 HF4 allows SQL injection, aka the Security Advisory 2089 issue...
Puppet Enterprise Console Cross-Site Scripting Vulnerability (CNVD-2018-09252)
Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is its enterprise version.Puppet Enterprise Console is one of t...
CVE-2018-6510
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6...
CVE-2018-6511
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6...
CVE-2018-6510
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6...
CVE-2018-6510
CVE-2018-6510 describes a cross-site scripting vulnerability in Puppet Enterprise Console (used with the Orchestrator). The issue allows an attacker to inject scripts into the Puppet Enterprise Console and is tied to Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. The root cause is improp...
CVE-2014-2005
Sophos Disk Encryption SDE 5.x in Sophos Enterprise Console SEC 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...