|
272521
|
5.3 |
MEDIUM
Network
|
haxx
|
curl
|
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection…
|
CWE-20
Improper Input Validation
|
CVE-2016-3739
|
2024-11-21 11:50 |
2016-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272522
|
8.8 |
HIGH
Network
|
theforeman
|
foreman
|
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE templ…
|
CWE-284
Improper Access Control
|
CVE-2016-3728
|
2024-11-21 11:50 |
2016-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272523
|
8.1 |
HIGH
Network
|
safemode_project
|
safemode
|
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2016-3693
|
2024-11-21 11:50 |
2016-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272524
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information …
|
CWE-200
Information Exposure
|
CVE-2016-3727
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272525
|
7.4 |
HIGH
Network
|
jenkins
redhat
|
jenkins
openshift
|
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vector…
|
NVD-CWE-Other
|
CVE-2016-3726
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272526
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined wit…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3725
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272527
|
6.5 |
MEDIUM
Network
|
redhat
jenkins
|
openshift
jenkins
|
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
|
CWE-200
Information Exposure
|
CVE-2016-3724
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272528
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified…
|
CWE-200
Information Exposure
|
CVE-2016-3723
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272529
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3722
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272530
|
6.5 |
MEDIUM
Network
|
redhat
jenkins
|
openshift
jenkins
|
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
|
CWE-17
Code
|
CVE-2016-3721
|
2024-11-21 11:50 |
2016-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
