|
265961
|
8.8 |
HIGH
Network
|
redhat
|
openshift
|
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3738
|
2024-11-21 11:50 |
2016-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265962
|
3.3 |
LOW
Local
|
redhat
|
openshift
openshift_origin
|
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
|
CWE-200
Information Exposure
|
CVE-2016-3711
|
2024-11-21 11:50 |
2016-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265963
|
7.1 |
HIGH
Network
|
redhat
|
openshift
|
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users t…
|
CWE-284
Improper Access Control
|
CVE-2016-3708
|
2024-11-21 11:50 |
2016-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265964
|
5.3 |
MEDIUM
Network
|
redhat
|
openshift
|
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote …
|
CWE-284
Improper Access Control
|
CVE-2016-3703
|
2024-11-21 11:50 |
2016-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265965
|
7.5 |
HIGH
Network
|
lenovo
|
accelerator_application
|
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
|
CWE-20
Improper Input Validation
|
CVE-2016-3944
|
2024-11-21 11:50 |
2016-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265966
|
7.8 |
HIGH
Local
|
docker
linuxfoundation
opensuse
|
docker
runc
opensuse
|
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric use…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3697
|
2024-11-21 11:50 |
2016-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265967
|
7.8 |
HIGH
Local
|
huawei
|
mate_8_firmware
|
Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-3681
|
2024-11-21 11:50 |
2016-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265968
|
7.8 |
HIGH
Local
|
huawei
|
mate_8_firmware
|
Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-3680
|
2024-11-21 11:50 |
2016-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265969
|
7.4 |
HIGH
Network
|
trend_micro
|
mobile_security
|
Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obt…
|
CWE-200
Information Exposure
|
CVE-2016-3664
|
2024-11-21 11:50 |
2016-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265970
|
5.3 |
MEDIUM
Network
|
haxx
|
curl
|
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection…
|
CWE-20
Improper Input Validation
|
CVE-2016-3739
|
2024-11-21 11:50 |
2016-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
