Total: 412 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7713 | 1 Openstack | 1 Nova | 2023-02-12 | 5.0 MEDIUM | N/A | 
| OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly apply security group changes, which allows remote attackers to bypass intended restrictions by leveraging an instance that was running when the change was made. | |||||
| CVE-2015-3230 | 1 Fedoraproject | 1 389 Directory Server | 2023-02-12 | 7.5 HIGH | N/A | 
| 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher. | |||||
| CVE-2016-4451 | 1 Theforeman | 1 Foreman | 2023-02-12 | 6.0 MEDIUM | 5.0 MEDIUM | 
| The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization. | |||||
| CVE-2016-4475 | 1 Theforeman | 1 Foreman | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH | 
| The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors. | |||||
| CVE-2015-5306 | 1 Openstack | 1 Ironic Inspector | 2023-02-12 | 6.8 MEDIUM | N/A | 
| OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. | |||||
| CVE-2015-5178 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2023-02-12 | 4.3 MEDIUM | N/A | 
| The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. | |||||
| CVE-2016-2118 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 6.8 MEDIUM | 7.5 HIGH | 
| The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." | |||||
| CVE-2015-0201 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2022-04-11 | 5.0 MEDIUM | N/A | 
| The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | |||||
| CVE-2015-7330 | 1 Puppet | 1 Puppet Enterprise | 2022-01-24 | 6.5 MEDIUM | 8.8 HIGH | 
| Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. | |||||
| CVE-2015-8857 | 1 Uglifyjs Project | 1 Uglifyjs | 2021-10-28 | 7.5 HIGH | 9.8 CRITICAL | 
| The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten JavaScript. | |||||
| CVE-2014-8152 | 1 Apache | 1 Santuario Xml Security For Java | 2021-09-17 | 5.0 MEDIUM | N/A | 
| Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. | |||||
| CVE-2016-6639 | 2 Cloudfoundry, Pivotal | 2 Php-buildpack, Cloud Foundry Elastic Runtime | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH | 
| Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file. | |||||
| CVE-2016-10224 | 1 Sauter-controls | 1 Novaweb Web Hmi | 2021-08-31 | 6.5 MEDIUM | 7.2 HIGH | 
| An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | |||||
| CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.3 MEDIUM | 3.7 LOW | 
| IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-4474 | 1 Redhat | 1 Openstack | 2021-08-04 | 3.3 LOW | 8.8 HIGH | 
| The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) uses a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors. | |||||
| CVE-2015-7837 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus and 3 more | 2021-07-15 | 2.1 LOW | 5.5 MEDIUM | 
| The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | |||||
| CVE-2015-6473 | 1 Wago | 4 750-849, 750-849 Firmware, 758-870 and 1 more | 2021-07-09 | 10.0 HIGH | 9.8 CRITICAL | 
| WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. | |||||
| CVE-2016-4376 | 2 Broadcom, Hp | 2 Fabric Operating System, Storefabric B Series Switch | 2021-06-22 | 7.8 HIGH | 6.5 MEDIUM | 
| HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-7973 | 5 Canonical, Freebsd, Netapp and 2 more | 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more | 2021-04-26 | 5.8 MEDIUM | 6.5 MEDIUM | 
| NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | |||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2021-04-23 | 10.0 HIGH | 9.8 CRITICAL | 
| An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | |||||
