4423 matches found
CVE-2016-3972
dotCMS before 3.5.1 contains a directory traversal vulnerability in the dotTailLogServlet that lets remote authenticated administrators read arbitrary files via a .. in the fileName parameter. Affected component: dotTailLogServlet (dotCMS). Root cause: input traversal in fileName enables access t...
BadLock vulnerability technical tracking and risk protection - vulnerability warning - the black bar safety net
Nsfocus has continued to follow domestic security trends, and first released BadLock threat warning notices as early as 3 months. 4 on 1 on 2, Microsoft patch day schedule. At this time Microsoft released the patch, which contains a BadLock vulnerability that can be on a Windows system and the Samba servic...
CVE-2016-1264
Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before...
Race condition
Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before...
CVE-2015-8677
CVE-2015-8677 affects Huawei Campus switches (S5300EI/S5300SI/S5310HI/S6300EI; S2350EI/S5300LI; S9300/S7700/S9700; S5720HI/S5720EI; S2300/S3300) where the HTTPS or SFTP server stores SSL session information in memory after logout. The memory leak can cause memory consumption and device restart (D...
PT-2016-3892 · Huawei · Fusioncompute
Name of the Vulnerable Software and Affected Versions: Huawei FusionCompute versions prior to V100R005C10SPC700 Description: The issue allows remote authenticated users to obtain sensitive role and permission information via unspecified vectors. Recommendations: For versions prior to...
DEBIAN-CVE-2016-2313
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...
CVE-2016-2056
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c...
CVE-2014-6276
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details...
CVE-2016-0757
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allows remote authenticated users to change image status and upload new image data by removing the last location of an image...
CVE-2016-2405
Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL...
CVE-2016-3654
The CVE concerns PAN-OS device management CLI parsing of an SSH command parameter, allowing authenticated administrators to run arbitrary OS commands with root privileges. Affected PAN-OS versions: 5.0.x before 5.0.18; 5.1.x before 5.1.11; 6.0.x before 6.0.13; 6.1.x before 6.1.10; 7.0.x before 7....
CVE-2016-2405
CVE-2016-2405 affects Huawei Policy Center software prior to V100R003C10SPC020. A remote authenticated attacker can escalate privileges by crafting a URL, obtaining admin rights and causing a denial of service (system crash). The vulnerability is described in Huawei PSIRT advisory HWPSIRT-2015-12...
CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
UBUNTU-CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
UBUNTU-CVE-2015-8604
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action...
CVE-2015-8604
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action...
CVE-2016-0735
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy...
DEBIAN-CVE-2016-1235
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options...