|
267321
|
8.8 |
HIGH
Network
|
theforeman
|
foreman
|
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE templ…
|
CWE-284
Improper Access Control
|
CVE-2016-3728
|
2024-11-21 11:50 |
2016-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267322
|
8.1 |
HIGH
Network
|
safemode_project
|
safemode
|
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2016-3693
|
2024-11-21 11:50 |
2016-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267323
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information …
|
CWE-200
Information Exposure
|
CVE-2016-3727
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267324
|
7.4 |
HIGH
Network
|
jenkins
redhat
|
jenkins
openshift
|
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vector…
|
NVD-CWE-Other
|
CVE-2016-3726
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267325
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined wit…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3725
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267326
|
6.5 |
MEDIUM
Network
|
redhat
jenkins
|
openshift
jenkins
|
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
|
CWE-200
Information Exposure
|
CVE-2016-3724
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267327
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified…
|
CWE-200
Information Exposure
|
CVE-2016-3723
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267328
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3722
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267329
|
6.5 |
MEDIUM
Network
|
redhat
jenkins
|
openshift
jenkins
|
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
|
CWE-17
Code
|
CVE-2016-3721
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267330
|
7.5 |
HIGH
Network
|
canonical
xmlsoft
debian
hp
opensuse
|
ubuntu_linux
libxml2
debian_linux
icewall_file_manager
icewall_federation_agent
leap
|
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to caus…
|
CWE-20
Improper Input Validation
|
CVE-2016-3705
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
