| 265571 | 8.8 | HIGH | Network | redhat | cloudforms | ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | CWE-264: Permissions, Privileges, and Access Controls | CVE-2016-4471 | 2024-11-21 11:52 | 2017-06-9 |
| 265572 | 7.5 | HIGH | Network | redhat | cloudforms_management_engine | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | CWE-310: Cryptographic Issues | CVE-2016-4457 | 2024-11-21 11:52 | 2017-06-9 |
| 265573 | 9.0 | CRITICAL | Network | pivotal | bosh_stemcell | An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attac… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2016-4435 | 2024-11-21 11:52 | 2017-05-26 |
| 265574 | 5.9 | MEDIUM | Network | apache | qpid_proton | The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name … | CWE-295: Improper Certificate Validation | CVE-2016-4467 | 2024-11-21 11:52 | 2017-05-2 |
| 265575 | 5.3 | MEDIUM | Network | miniprofiler | rack-mini-profiler | The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. | CWE-200: Information Exposure | CVE-2016-4442 | 2024-11-21 11:52 | 2017-05-2 |
| 265576 | 7.8 | HIGH | Local | apple | iphone_os mac_os_x tvos | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of… | CWE-119: Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-4650 | 2024-11-21 11:52 | 2017-04-21 |
| 265577 | 3.3 | LOW | Local | redhat | enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_hpc_node subscription-manager | The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain se… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2016-4455 | 2024-11-21 11:52 | 2017-04-15 |
| 265578 | 7.5 | HIGH | Network | redhat | mod_cluster enterprise_linux | Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9. | CWE-119: Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-4459 | 2024-11-21 11:52 | 2017-04-13 |
| 265579 | 7.0 | HIGH | Local | setroubleshoot_project redhat | setroubleshoot enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_hpc_node | The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput fun… | CWE-77: Command Injection | CVE-2016-4446 | 2024-11-21 11:52 | 2017-04-12 |
| 265580 | 7.0 | HIGH | Local | setroubleshoot_project redhat | setroubleshoot enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_hpc_node | The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to exe… | CWE-77: Command Injection | CVE-2016-4445 | 2024-11-21 11:52 | 2017-04-12 |