4423 matches found
CVE-2016-4383
The glance-manage db in all versions of HPE Helion OpenStack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...
FreeBSD : OpenVPN -- several vulnerabilities (9f65d382-56a4-11e7-83e3-080027ef73ec)
Samuli Seppanen reports: In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. ... The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17. This is a list of fixed important...
Apache Thrift Client Library Denial of Service Vulnerability
Apache Thrift is an interface definition language and binary communication protocol for defining and creating services for multiple languages. The Apache Thrift client library is vulnerable to a denial of service. A remote authenticated user can cause a denial of service (infinite recursion) via ...
CVE-2015-3254
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function...
Cisco Elastic Services Controller Security Restriction Bypass Vulnerability
Cisco Elastic Services Controller is a cloud and systems management solution. A security vulnerability in the implementation of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in as a Linux admin user on an affected system...
CVE-2016-9984
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276...
CVE-2016-4910
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors...
CVE-2017-2165
CVE-2017-2165 affects GroupSession versions ≤ 4.6.4. The root cause is a failure to restrict access permissions, allowing remote authenticated attackers to bypass access controls and obtain sensitive information such as emails via unspecified vectors. Documented impact is authenticated access to ...
CVE-2014-3498
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands...
Design/Logic Flaw
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document...
CVE-2015-7514
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information...
CVE-2017-9462
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...
UBUNTU-CVE-2017-9462
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...
CVE-2017-9427
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is...
ALPINE-CVE-2017-8386
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with...
CVE-2017-9307
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter...
CVE-2015-0269
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors...
SAP Netweaver ABAP EA-DFPS Remote Authentication Bypass Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A remote authentication bypass vulnerability exists in SAP Netweaver ABAP EA-DFPS. An attacker could exploit thi...
SAP Netweaver ABAP EA-DFPS Remote Authentication Bypass Vulnerability (CNVD-2017-10684)
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An authentication bypass vulnerability exists in SAP Netweaver ABAP. An attacker could exploit this vulnerabilit...