|
266401
|
4.3 |
MEDIUM
Network
|
redhat
|
cloudforms
cloudforms_management_engine
|
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenant…
|
CWE-200
Information Exposure
|
CVE-2016-7047
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266402
|
7.5 |
HIGH
Network
|
powerdns
debian
|
authoritative
debian_linux
|
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-7072
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266403
|
6.5 |
MEDIUM
Network
|
redhat
|
jboss_enterprise_application_platform
|
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with …
|
CWE-200
Information Exposure
|
CVE-2016-7061
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266404
|
5.5 |
MEDIUM
Local
|
openssl
debian
redhat
canonical
|
openssl
debian_linux
enterprise_linux
ubuntu_linux
|
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
|
-
|
CVE-2016-7056
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266405
|
6.5 |
MEDIUM
Network
|
redhat
|
jboss_drools
jboss_brms
|
Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected…
|
-
|
CVE-2016-7041
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266406
|
7.8 |
HIGH
Local
|
clusterlabs
redhat
|
pacemaker
enterprise_linux_server
enterprise_linux_server_eus
|
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for…
|
CWE-285
Improper Authorization
|
CVE-2016-7035
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266407
|
4.3 |
MEDIUM
Network
|
theforeman
|
foreman
|
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resourc…
|
CWE-200
Information Exposure
|
CVE-2016-7078
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266408
|
4.3 |
MEDIUM
Network
|
theforeman
|
foreman
|
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if…
|
CWE-200
Information Exposure
|
CVE-2016-7077
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266409
|
8.8 |
HIGH
Network
|
redhat
|
cloudforms_management_engine
cloudforms
|
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arb…
|
CWE-285
Improper Authorization
|
CVE-2016-7071
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266410
|
8.1 |
HIGH
Network
|
kubernetes
redhat
|
kubernetes
openshift
|
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authenticat…
|
-
|
CVE-2016-7075
|
2024-11-21 11:57 |
2018-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
