VIR Vulnerability Intelligence Relay

Search

Found 849 results in 119ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-10108 medium 5.3 5.3 FIX slesdebian debian rhel oraclephoenixcontactredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em…
CVE-2017-10107 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easi…
CVE-2017-10105 medium 4.3 4.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows …
CVE-2017-10102 critical 9.0 9.0 FIX slesdebian debian rhel oraclephoenixcontactnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Diff…
CVE-2017-10101 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas…
CVE-2017-10096 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas…
CVE-2017-10090 critical 9.6 9.6 FIX slesdebian debian rhel oraclenetappredhat 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easil…
CVE-2017-10089 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows una…
CVE-2017-10087 critical 9.6 9.6 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131…
CVE-2017-10078 high 8.1 8.1 FIX slesdebian debian rhel oracleredhatphoenixcontact 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged at…
CVE-2017-10067 high 7.5 7.5 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows …
CVE-2017-10053 medium 5.3 5.3 FIX slesdebian debian rhel oracleredhatnetapp 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u1…
CVE-2016-3113 medium 6.1 6.1 redhat 9y ago Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.
CVE-2015-7561 low 3.1 3.1 kubernetesredhat 9y ago Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes
CVE-2017-10664 high 7.5 7.5 FIX sles rheldebian debian qemuredhat 9y ago qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
CVE-2016-8743 high 7.5 7.5 FIX debian debian sles rhel apachenetappredhat 9y ago Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors repres…
CVE-2017-7980 high 7.8 7.8 FIX sles rhelubuntu ubuntu qemuredhat 9y ago Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vec…
CVE-2015-3198 high 7.5 7.5 redhat 9y ago The Undertow module of WildFly allows source code disclosure
CVE-2016-4996 high 7.0 7.0 rhel redhat 9y ago discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local u…
CVE-2016-0764 medium 6.2 6.2 FIX slesdebian debian rhel redhat 9y ago Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux…
CVE-2017-9788 critical 9.1 9.1 FIX debian debianarch arch sles apachenetappredhat 9y ago In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi…
CVE-2017-7512 critical 9.8 9.8 FIX arch arch redhat 9y ago Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authenticatio…
CVE-2016-7062 high 7.8 7.8 redhat 9y ago rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
CVE-2015-1795 high 7.8 7.8 FIX debian debian rhel redhat 9y ago Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
CVE-2015-3315 high 7.8 8.8 EXP rhel redhat 9y ago Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp…
CVE-2015-3215 high 7.5 7.5 redhat 9y ago The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for th…
CVE-2015-3142 medium 4.7 4.7 redhat 9y ago The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensi…
CVE-2015-1870 medium 5.5 5.5 redhat 9y ago The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information fr…
CVE-2017-3167 critical 9.8 9.8 FIX debian debianarch arch sles apachenetappredhat 9y ago In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being…
CVE-2017-1000376 high 7.0 7.0 FIX slesarch archdebian debian redhatlibffi_projectoracle 9y ago libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was…
CVE-2016-5411 critical 9.8 9.8 rhel redhat 9y ago /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
CVE-2016-4471 high 8.8 8.8 redhat 9y ago ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
CVE-2016-4457 high 7.5 7.5 redhat 9y ago CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.
CVE-2016-3690 critical 9.8 9.8 redhat 9y ago The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.
CVE-2015-6240 high 7.8 7.8 FIX debian debian redhat 9y ago The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
CVE-2016-3077 medium 6.5 6.5 redhat 9y ago The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
CVE-2014-8180 medium 5.5 5.5 mongodbredhat 9y ago MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
CVE-2017-9214 critical 9.8 9.8 FIX slesdebian debian rhel openvswitchredhat 9y ago In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pu…
CVE-2017-8379 medium 6.5 6.5 FIX slesdebian debian qemuredhat 9y ago Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generati…
CVE-2017-8309 high 7.5 7.5 FIX slesdebian debian qemuredhat 9y ago Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVE-2016-9843 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9842 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-9841 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu zliboracleredhat 9y ago inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9840 high 8.8 8.8 FIX sles rockydebian debian boostzliboracle 9y ago RHSA-2025:8395: rsync security update (Low)
CVE-2017-7504 critical 9.8 9.8 redhat 9y ago HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes fo…
CVE-2017-7503 critical 9.8 9.8 redhat 9y ago It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read fil…
CVE-2017-3544 low 3.7 3.7 FIX slesdebian debian rhel oracleredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed…
CVE-2017-3539 low 3.1 3.1 FIX slesdebian debian rhel oracleredhat 9y ago Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121.…
CVE-2017-3533 low 3.7 3.7 FIX slesdebian debian rhel oracleredhat 9y ago Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed…
CVE-2017-3512 high 8.3 8.3 FIX slesdebian debian oracleredhat 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthentica…
CVE-2016-3702 medium 5.3 5.3 redhat 9y ago Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
CVE-2016-6519 medium 5.4 5.4 FIX slesdebian debian redhatopenstack 9y ago Openstack Manila Persistent XSS in Metadata field
CVE-2016-5401 high 8.8 8.8 redhat 9y ago Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web pag…
CVE-2016-6347 medium 6.1 6.1 FIX debian debian redhat 9y ago Improper Neutralization of Input During Web Page Generation in RESTEasy
CVE-2016-6338 medium 6.8 6.8 redhat 9y ago ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restric…
CVE-2016-5409 high 7.5 7.5 redhat 9y ago Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information …
CVE-2017-5645 critical 9.8 9.8 FIX debian debian sles rhel apachenetappredhat 9y ago Deserialization of Untrusted Data in Log4j
CVE-2016-7060 medium 4.6 4.6 redhat 9y ago The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the d…
CVE-2016-4455 low 3.3 3.3 rhel redhat 9y ago The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain se…
CVE-2016-4970 high 7.5 7.5 FIX debian debian nettyredhatapache 9y ago Loop with Unreachable Exit Condition in Netty
CVE-2016-2104 medium 6.1 6.1 redhat 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the p…
CVE-2016-6348 medium 6.1 6.1 FIX debian debian redhat 9y ago JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack
CVE-2016-4459 high 7.5 7.5 rhel redhat 9y ago Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.
CVE-2014-5009 critical 9.8 9.8 FIX debian debian snoopyredhatnagios 9y ago Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVE-2014-5008 critical 9.8 9.8 FIX debian debian snoopyredhat 9y ago Snoopy allows remote attackers to execute arbitrary commands.
CVE-2008-7313 critical 9.8 9.8 FIX debian debian snoopyredhatnagios 9y ago The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVE-2017-5973 medium 5.5 5.5 FIX slesdebian debian rhel qemuredhat 9y ago The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors r…
CVE-2017-5929 critical 9.8 9.8 FIX debian debian qosredhat 9y ago QOS.ch Logback vulnerable to Deserialization of Untrusted Data
CVE-2016-10165 high 7.1 7.1 FIX slesdebian debian rhel littlecmsredhatnetapp 10y ago The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which …
CVE-2016-9921 medium 6.5 6.5 FIX slesdebian debian rhel qemuredhat 10y ago Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. …
CVE-2016-9911 medium 6.5 6.5 FIX slesdebian debian rhel qemuredhat 10y ago Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process coul…
CVE-2016-9907 medium 6.5 6.5 FIX slesdebian debian rhel qemuredhat 10y ago Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest …
CVE-2016-4443 medium 5.5 5.5 redhat 10y ago Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
CVE-2016-7466 medium 6.0 6.0 FIX slessuse suse rhel qemuredhat 10y ago Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consump…
CVE-2016-7422 medium 6.0 6.0 FIX slessuse suse rhel qemuredhat 10y ago The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) …
CVE-2016-6888 medium 4.4 4.4 FIX slesdebian debian rhel qemuredhat 10y ago Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the max…
CVE-2016-6835 medium 6.0 6.0 FIX slesdebian debian rhel qemuredhat 10y ago The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging fail…
CVE-2016-8910 medium 6.0 6.0 FIX sles rheldebian debian qemuredhat 10y ago The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveragin…
CVE-2016-8909 medium 6.0 6.0 FIX sles rheldebian debian qemuredhat 10y ago The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry wit…
CVE-2016-8669 medium 6.0 6.0 FIX sles rheldebian debian qemuredhat 10y ago The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) …
CVE-2016-8576 medium 6.0 6.0 FIX sles rheldebian debian qemuredhat 10y ago The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging f…
CVE-2016-7065 high 8.8 9.8 EXP redhat 10y ago The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted seriali…
CVE-2016-6325 high 7.8 7.8 rhel apacheredhat 10y ago The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which all…
CVE-2016-1000007 medium 6.1 6.1 FIX debian debian redhat 10y ago Pagure 2.2.1 XSS in raw file endpoint
CVE-2016-7040 high 8.8 8.8 redhat 10y ago Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to…
CVE-2016-7046 medium 5.9 5.9 FIX debian debian redhat 10y ago Undertow Uncaught Exception vulnerability
CVE-2016-7031 high 7.5 7.5 FIX slesdebian debian ceph_projectredhat 10y ago The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
CVE-2016-5432 low 3.3 3.3 rhel redhat 10y ago The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
CVE-2016-5398 medium 5.4 5.4 redhat 10y ago Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permis…
CVE-2016-6330 critical 9.8 9.8 redhat 10y ago The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted H…
CVE-2016-4978 high 7.2 7.2 rhel apacheredhat 10y ago Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
CVE-2016-5406 high 8.8 8.8 rhel redhat 10y ago The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RB…
CVE-2016-4993 medium 6.1 6.1 FIX rheldebian debian redhat 10y ago Improper Neutralization of CRLF Sequences in Wildfly Undertow
CVE-2016-3110 high 7.5 7.5 rhelfedora fedora redhat 10y ago mod_cluster Denial of Service vulnerability
CVE-2016-6340 high 8.4 8.4 rhel redhat 10y ago The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force …
CVE-2016-6322 high 8.4 8.4 rhel redhat 10y ago Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.
CVE-2016-5418 high 7.5 7.5 FIX slesdebian debian rhel redhatlibarchive 10y ago The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive fil…
CVE-2016-6662 critical 9.8 10.0 EXP slesdebian debian rhel oracleperconamariadb 10y ago Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo…
CVE-2016-5422 high 8.8 8.8 redhat 10y ago The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admi…
CVE-2016-7034 high 8.8 8.8 redhat 10y ago The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to…