|
276331
|
9.8 |
CRITICAL
Network
|
redhat
jenkins
|
openshift
jenkins
|
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-fo…
|
CWE-200
Information Exposure
|
CVE-2016-0791
|
2024-11-21 11:42 |
2016-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276332
|
5.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
|
CWE-200
CWE-254
Information Exposure
7PK - Security Features
|
CVE-2016-0790
|
2024-11-21 11:42 |
2016-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276333
|
6.1 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitti…
|
CWE-20
Improper Input Validation
|
CVE-2016-0789
|
2024-11-21 11:42 |
2016-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276334
|
9.8 |
CRITICAL
Network
|
jenkins
redhat
|
jenkins
openshift
|
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-0788
|
2024-11-21 11:42 |
2016-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276335
|
9.8 |
CRITICAL
Network
|
samsung
fedoraproject
|
x14j_firmware
fedora
|
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denia…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-0729
|
2024-11-21 11:42 |
2016-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276336
|
6.1 |
MEDIUM
Network
|
apache
|
activemq
|
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via …
|
CWE-254
7PK - Security Features
|
CVE-2016-0734
|
2024-11-21 11:42 |
2016-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276337
|
8.8 |
HIGH
Network
|
emc
|
documentum_d2
|
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-0888
|
2024-11-21 11:42 |
2016-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276338
|
7.5 |
HIGH
Network
|
eaton_lighting_systems
|
eg2_web_control
|
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request.
|
CWE-200
Information Exposure
|
CVE-2016-0871
|
2024-11-21 11:42 |
2016-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276339
|
7.5 |
HIGH
Network
|
redhat
|
jboss_wildfly_application_server
|
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensit…
|
CWE-200
Information Exposure
|
CVE-2016-0793
|
2024-11-21 11:42 |
2016-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276340
|
8.1 |
HIGH
Network
|
redhat
oracle
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
icedtea7
jdk
jre
|
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-componen…
|
NVD-CWE-noinfo
|
CVE-2016-0636
|
2024-11-21 11:42 |
2016-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
