The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.