Page 44 of 671 results (0.004 seconds)

CVSS: 7.5EPSS: 22%CPEs: 41EXPL: 0

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Puppet 2.7.x anterior a 2.7.22 y 3.2.x anterior a 3.2.2, y Puppet Enterprise anterior a 2.8.2, deserializa YAML sin confianza, lo que permite a atacantes remotos la instanciación de clases de Ruby y ejecutar código arbitrario a través de una llamada RESTAPI manipulada. • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://secunia.com/advisories/54429 http://www.debian.org/security/2013/dsa-2715 http://www.ubuntu.com/usn/USN-1886-1 https://puppetlabs.com/security/cve/cve-2013-3567 https://access.redhat.com/security/cve/CVE-2013-3567 https& • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0

Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. Vulnerabilidad de redirección abierta en la función fwdToURL la pagina de login de ZCC en zcc-framework.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través del parámetro directToPage. • http://www.novell.com/support/kb/doc.php?id=7012025 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.novell.com/support/kb/doc.php?id=7012499 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en zenworks-core en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un "locale" invalido. • http://www.novell.com/support/kb/doc.php?id=7012025 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.novell.com/support/kb/doc.php?id=7012501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican un evento onError. • http://www.novell.com/support/kb/doc.php?id=7012025 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.novell.com/support/kb/doc.php?id=7012500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican un evento onload. • http://www.novell.com/support/kb/doc.php?id=7012025 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.novell.com/support/kb/doc.php?id=7012502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •