PT-2016-5513 · Oracle +6 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.5.51 and earlier; Oracle MySQL versions 5.6.32 and earlier; Oracle MySQL versions 5.7.14 and earlier. Description: The issue allows remote authenticated users to affect availability via vectors related to Server: Optimize...
Command injection
The certrevoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission...
DEBIAN-CVE-2016-1242
fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...
CVE-2016-1241
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...
PYSEC-2016-12
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...
CVE-2016-7108
Huawei UMA (Unified Maintenance Audit) before V200R001C00SPC200 SPH206 suffers an information disclosure where remote authenticated users can obtain MD5 hashes of arbitrary user passwords via unspecified vectors. The advisory HWPSIRT-2016-07051 notes a fix; apply Huawei software updates to mitiga...
UBUNTU-CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
CVE-2016-6345
RESTEasy vulnerability CVE-2016-6345 is confirmed in connected documents as a flaw where remote authenticated users could obtain sensitive information due to insufficient use of random values in asynchronous jobs. The Ubuntu advisory USN-7630-1 and related Nessus/OpenVAS entries reference this CV...
SUSE-SU-2016:2259-1 Security update for mysql-connector-java
mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issue. - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors...
CVE-2016-2998
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data...
CVE-2016-2995
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-300...
CVE-2016-0385
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2016-2995
CVE-2016-2995 concerns a Cross-site scripting (XSS) vulnerability in the Web UI of IBM Connections. The flaw affects IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1. It allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve...
CVE-2016-0385
Summary of CVE-2016-0385 (IBM WebSphere Application Server). Root cause: A buffer overflow in WebSphere Application Server (and related deployments) can be exploited to bypass security restrictions when HttpSessionIdReuse is enabled, potentially allowing an attacker to view sensitive data. The iss...
Honeywell IP-Camera HICC-1100PT Remote Authentication information disclosure vulnerability
No description provided by source...
Design/Logic Flaw
Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891...
Design/Logic Flaw
The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM an...
CVE-2016-4475
The CVE-2016-4475 issue affects Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3. It allows remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors. Impact is data exposure and...
PT-2016-5968 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.11.4; Foreman versions 1.12.x prior to 1.12.0-RC3. Description: The issue allows remote authenticated users to bypass organization and location restrictions. This enables users to read, edit, or delete arbitrary...