|
265411
|
7.5 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificat…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-8231
|
2024-11-21 11:59 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265412
|
7.5 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
|
CWE-200
Information Exposure
|
CVE-2016-8230
|
2024-11-21 11:59 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265413
|
8.8 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
|
CWE-352
Origin Validation Error
|
CVE-2016-8229
|
2024-11-21 11:59 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265414
|
7.8 |
HIGH
Local
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8228
|
2024-11-21 11:59 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265415
|
7.5 |
HIGH
Network
|
apache
|
qpid_broker-j
|
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 Authenticat…
|
CWE-200
Information Exposure
|
CVE-2016-8741
|
2024-11-21 11:59 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265416
|
9.1 |
CRITICAL
Network
|
linuxcontainers
|
lxc
|
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's f…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8649
|
2024-11-21 11:59 |
2017-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265417
|
8.8 |
HIGH
Network
|
trendmicro
|
threat_discovery_appliance
|
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the …
|
CWE-22
Path Traversal
|
CVE-2016-8593
|
2024-11-21 11:59 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265418
|
8.8 |
HIGH
Network
|
trendmicro
|
threat_discovery_appliance
|
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cach…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8592
|
2024-11-21 11:59 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265419
|
8.8 |
HIGH
Network
|
trendmicro
|
threat_discovery_appliance
|
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id pa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8591
|
2024-11-21 11:59 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265420
|
8.8 |
HIGH
Network
|
trendmicro
|
threat_discovery_appliance
|
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8590
|
2024-11-21 11:59 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
