|
264911
|
6.5 |
MEDIUM
Network
|
redhat
|
openshift
|
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive pr…
|
CWE-200
Information Exposure
|
CVE-2016-5392
|
2024-11-21 11:54 |
2016-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264912
|
8.8 |
HIGH
Network
|
crestron
|
dm-txrx-100-str_firmware
|
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of ar…
|
CWE-352
Origin Validation Error
|
CVE-2016-5671
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264913
|
9.8 |
CRITICAL
Network
|
crestron
|
dm-txrx-100-str_firmware
|
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access vi…
|
CWE-255
Credentials Management
|
CVE-2016-5670
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264914
|
9.8 |
CRITICAL
Network
|
crestron
|
dm-txrx-100-str_firmware
|
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier…
|
NVD-CWE-Other
|
CVE-2016-5669
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264915
|
9.8 |
CRITICAL
Network
|
crestron
|
dm-txrx-100-str_firmware
|
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.
|
NVD-CWE-Other
|
CVE-2016-5668
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264916
|
9.8 |
CRITICAL
Network
|
crestron
|
dm-txrx-100-str_firmware
|
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.
|
NVD-CWE-Other
|
CVE-2016-5667
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264917
|
9.8 |
CRITICAL
Network
|
crestron
|
dm-txrx-100-str_firmware
|
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of obj…
|
NVD-CWE-Other
|
CVE-2016-5666
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264918
|
9.8 |
CRITICAL
Network
|
crestron
|
airmedia_am-100_firmware
|
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in t…
|
CWE-77
Command Injection
|
CVE-2016-5640
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264919
|
7.5 |
HIGH
Network
|
crestron
|
airmedia_am-100_firmware
|
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src …
|
CWE-22
Path Traversal
|
CVE-2016-5639
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264920
|
5.5 |
MEDIUM
Local
|
canonical
oracle
qemu
debian
redhat
|
ubuntu_linux
vm_server
linux
qemu
debian_linux
enterprise_linux_desktop
enterprise_linux_server_aus
enterprise_linux_workstation
enterprise_linux_server_tus
openstack
en…
|
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without w…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-5403
|
2024-11-21 11:54 |
2016-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
