Command injection
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image...
CVE-2016-2028
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357...
CVE-2016-2022
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030...
Code injection
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022...
CVE-2015-8157
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data...
CVE-2016-2017
CVE-2016-2017 corresponds to a padding-oracle vulnerability in CBC mode decryption affecting OpenSSL. The IBM Aspera bulletin itemizes CVE-2016-2017 within its OpenSSL-related entries and states that OpenSSL versions before 1.0.1t and before 1.0.2h are vulnerable, enabling an attacker to decrypt ...
CVE-2016-4369
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...
CVE-2016-3072
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter...
CVE-2014-8177
CVE-2014-8177 affects Red Hat Gluster Storage’s OpenStack Swift component (gluster-swift). The issue allows remote authenticated users to bypass the max_meta_count constraint by issuing multiple crafted requests that cumulatively exceed the configured limit, enabling excess metadata storage. Root...
jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
CVE-2016-1212
CVE-2016-1212 affects Futomi MP Form Mail CGI Professional Edition up to version 3.2.3, exposing a directory traversal vulnerability (CWE-22). The flaw allows remote authenticated administrators to read arbitrary files on the server via unspecified vectors. Public records from NVD/JVN describe th...
CVE-2016-4500
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access...
CVE-2016-2285
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and...
CVE-2016-4501
CVE-2016-4501 affects ESC 8832 Data Controller (v3.02 and earlier). Root cause: improper session handling enables authentication bypass, allowing remote attackers to perform arbitrary configuration changes. Public exploitation is evidenced by a Metasploit module; advisories (ICS-CERT ICSA-16-147-...
CVE-2016-2311
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover...
CVE-2016-2309
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors...