|
266601
|
4.3 |
MEDIUM
Network
|
huawei
|
document_security_management
|
The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by l…
|
CWE-275
Permission Issues
|
CVE-2016-2406
|
2024-11-21 11:48 |
2017-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266602
|
7.8 |
HIGH
Local
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.
|
CWE-320
Key Management Errors
|
CVE-2016-2880
|
2024-11-21 11:48 |
2017-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266603
|
7.8 |
HIGH
Local
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2016-2879
|
2024-11-21 11:48 |
2017-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266604
|
7.8 |
HIGH
Local
|
gnu
|
libiberty
|
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
|
CWE-119
CWE-190
Incorrect Access of Indexable Resource ('Range Error')
Integer Overflow or Wraparound
|
CVE-2016-2226
|
2024-11-21 11:48 |
2017-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266605
|
6.1 |
MEDIUM
Network
|
adcon_telemetry
|
a850_telemetry_gateway_base_station_firmware
|
An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the out…
|
CWE-79
Cross-site Scripting
|
CVE-2016-2274
|
2024-11-21 11:48 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266606
|
9.8 |
CRITICAL
Network
|
puppet
|
marionette_collective
puppet_enterprise
|
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
|
CWE-284
Improper Access Control
|
CVE-2016-2788
|
2024-11-21 11:48 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266607
|
5.3 |
MEDIUM
Network
|
puppetlabs
puppet
|
puppet_enterprise
|
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs…
|
CWE-284
Improper Access Control
|
CVE-2016-2787
|
2024-11-21 11:48 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266608
|
7.8 |
HIGH
Local
|
freedesktop
redhat
|
polkit
enterprise_linux
|
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2016-2568
|
2024-11-21 11:48 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266609
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
|
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
|
CWE-200
Information Exposure
|
CVE-2016-2866
|
2024-11-21 11:48 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266610
|
9.8 |
CRITICAL
Network
|
sensiolabs
|
symfony
|
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
|
CWE-287
Improper Authentication
|
CVE-2016-2403
|
2024-11-21 11:48 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
