| 264891 | 6.8 | MEDIUM | Physical | redhat | enterprise_virtualization | ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restric… | CWE-284 Improper Access Control | CVE-2016-6338 | 2024-11-21 11:55 | 2017-04-21 |
| 264892 | 7.5 | HIGH | Network | mediawiki | mediawiki | MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. | CWE-284 Improper Access Control | CVE-2016-6337 | 2024-11-21 11:55 | 2017-04-21 |
| 264893 | 6.5 | MEDIUM | Network | mediawiki | mediawiki | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restriction… | CWE-284 Improper Access Control | CVE-2016-6336 | 2024-11-21 11:55 | 2017-04-21 |
| 264894 | 7.5 | HIGH | Network | mediawiki | mediawiki | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information vi… | CWE-200 Information Exposure | CVE-2016-6335 | 2024-11-21 11:55 | 2017-04-21 |
| 264895 | 6.1 | MEDIUM | Network | mediawiki | mediawiki | Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbi… | CWE-79 Cross-site Scripting | CVE-2016-6334 | 2024-11-21 11:55 | 2017-04-21 |
| 264896 | 6.1 | MEDIUM | Network | mediawiki | mediawiki | Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrar… | CWE-79 Cross-site Scripting | CVE-2016-6333 | 2024-11-21 11:55 | 2017-04-21 |
| 264897 | 7.5 | HIGH | Network | mediawiki | mediawiki | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to ter… | CWE-200 Information Exposure | CVE-2016-6332 | 2024-11-21 11:55 | 2017-04-21 |
| 264898 | 7.5 | HIGH | Network | mediawiki | mediawiki | ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. | CWE-284 Improper Access Control | CVE-2016-6331 | 2024-11-21 11:55 | 2017-04-21 |
| 264899 | 7.8 | HIGH | Local | fedoraproject mock_project | fedora scm_plugin | The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-6299 | 2024-11-21 11:55 | 2017-04-15 |
| 264900 | 9.8 | CRITICAL | Network | sap | hana | SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | CWE-284 Improper Access Control | CVE-2016-6143 | 2024-11-21 11:55 | 2017-04-13 |