PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.