CVE-2016-2309
CVE-2016-2309 affects iRZ RUH2 prior to 2b: Unrestricted upload of firmware patches (CWE-434) allows remote authenticated users to upload unvalidated patches, potentially modifying firmware/data or causing DoS. Affected product: RUH2 serial-to-network converter. Root cause: firmware patch validat...
mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML...
mysql: unspecified vulnerability related to Server:DDL (CPU October 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL...
mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer...
mysql: unspecified vulnerability related to Server:Parser (CPU October 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser...
mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption...
Design/Logic Flaw
The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing...
CVE-2016-2155
CVE-2016-2155 affects Moodle’s grade-reporting feature in Singleview where the grade:manage capability is not enforced. Versions impacted: Moodle 2.8.x prior to 2.8.11, 2.9.x prior to 2.9.5, and 3.0.x prior to 3.0.3. This allows remote authenticated users with the Non-Editing Instructor role to m...
Design/Logic Flaw
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...
CVE-2015-5715
CVE-2015-5715 affects WordPress (XMLRPC subsystem). The vulnerability is in the mw_editPost function in wp-includes/class-wp-xmlrpc-server.php, which allows remote authenticated users to bypass access restrictions and publish a private post while marking it as sticky via unspecified vectors. The ...
CVE-2016-0731
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration...
Design/Logic Flaw
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration...
CVE-2016-3725
CVE-2016-3725 affects Jenkins before version 2.3 and Jenkins LTS before 1.651.2, due to a missing permissions check in Jenkins Core that allows remote authenticated users to trigger updating of update site metadata. This issue can be combined with DNS cache poisoning to cause a denial of service....
CVE-2016-3725
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption)...
CVE-2016-2014
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors...
CVE-2016-2009
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...
CVE-2016-2013
The CVE-2016-2013 entry affects HPE Network Node Manager i (NNMi) versions 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01. The connected documents describe an information disclosure vulnerability that could allow an authenticated remote user to obtain sensitive information via unspecified vectors. Ther...
CVE-2016-2167
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repositor...
CVE-2016-0894
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter...