CVE-2014-3922 (interscan_messaging_security_virtual_appliance)

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

Source: CVE-2014-3922 (interscan_messaging_security_virtual_appliance)

CVE-2014-3730 (debian_linux, django, opensuse, ubuntu_linux)

The django.utils.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\djangoproject.com".

Source: CVE-2014-3730 (debian_linux, django, opensuse, ubuntu_linux)

CVE-2014-0189 (enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation, virt-who)

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain passwords for hypervisors by reading the file.

Source: CVE-2014-0189 (enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation, virt-who)