DEBIAN-CVE-2016-5713

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol PXP agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0...

CVE-2016-5713

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol PXP agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0...

CVE-2016-5713

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol PXP agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0...

CVE-2016-5713

CVE-2016-5713 affects Puppet Agent before 1.6.0, where the Puppet Execution Protocol (PXP) agent passed environment variables to Puppet runs. This could allow unauthorized code to be loaded, with the issue introduced in Puppet Agent 1.3.0. Affected versions include 1.3.0 through 1.5.x. The docume...

CVE-2016-5713

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol PXP agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0...

CVE-2016-5713

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol PXP agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0...

Multiple vulnerabilities in the Intel Server Platform Services (SPS) subsystem of the Platform Controller Hub microprogramming system, which allow unauthorized code to be executed

The multiple vulnerabilities of the Intel Server Platform Services SPS subsystem, which are part of the Platform Controller Hub PCH microcontroller-based software family and serve as south bridges, are caused by buffer overflows. Exploitation of these vulnerabilities could allow an attacker to...

Circle with Disney check_torlist.sh Update Code Execution Vulnerability(CVE-2017-2881)

Summary An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this...

Cross site request forgery (csrf)

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the...

CVE-2017-14011

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the...

CVE-2017-14011

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the...

SUSE-SU-2017:2466-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function allocheappages for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen XSA-231, bsc1056278 - CVE-2017-14318: The function...

CVE-2017-7734

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions...

CVE-2017-7735

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...

CVE-2017-3132

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...

CVE-2017-7734

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions...

CVE-2017-3131

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView...

Cross site scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...

Cross site scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions...

CVE-2017-3133

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN...