|
264721
|
7.8 |
HIGH
Local
|
clusterlabs
redhat
|
pacemaker
enterprise_linux_server
enterprise_linux_server_eus
|
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for…
|
CWE-285
Improper Authorization
|
CVE-2016-7035
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264722
|
4.3 |
MEDIUM
Network
|
theforeman
|
foreman
|
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resourc…
|
CWE-200
Information Exposure
|
CVE-2016-7078
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264723
|
4.3 |
MEDIUM
Network
|
theforeman
|
foreman
|
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if…
|
CWE-200
Information Exposure
|
CVE-2016-7077
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264724
|
8.8 |
HIGH
Network
|
redhat
|
cloudforms_management_engine
cloudforms
|
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arb…
|
CWE-285
Improper Authorization
|
CVE-2016-7071
|
2024-11-21 11:57 |
2018-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264725
|
8.1 |
HIGH
Network
|
kubernetes
redhat
|
kubernetes
openshift
|
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authenticat…
|
-
|
CVE-2016-7075
|
2024-11-21 11:57 |
2018-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264726
|
6.5 |
MEDIUM
Network
|
mmonit
|
monit
|
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/ena…
|
CWE-352
Origin Validation Error
|
CVE-2016-7067
|
2024-11-21 11:57 |
2018-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264727
|
8.1 |
HIGH
Network
|
postgresql
|
postgresql
|
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download softwar…
|
CWE-284
Improper Access Control
|
CVE-2016-7048
|
2024-11-21 11:57 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264728
|
7.8 |
HIGH
Local
|
sudo_project
|
sudo
|
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user per…
|
CWE-77
Command Injection
|
CVE-2016-7076
|
2024-11-21 11:57 |
2018-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264729
|
6.1 |
MEDIUM
Network
|
tiki
|
tikiwiki_cms\/groupware
|
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7394
|
2024-11-21 11:57 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264730
|
7.8 |
HIGH
Local
|
ui
|
unifi_video
|
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
|
CWE-276
Incorrect Default Permissions
|
CVE-2016-6914
|
2024-11-21 11:57 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
