|
270391
|
9.1 |
CRITICAL
Network
|
apache netapp canonical debian redhat oracle
|
tomcat snap_creator_framework oncommand_insight oncommand_shift ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation jboss_enterprise_application_pl…
|
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomca…
|
NVD-CWE-noinfo
|
CVE-2016-5018
|
2024-11-21 11:53 |
2017-08-11 |
|
270392
|
7.0 |
HIGH
Local
|
redhat
|
satellite
|
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local u…
|
CWE-255
Credentials Management
|
CVE-2016-4996
|
2024-11-21 11:53 |
2017-07-17 |
|
270393
|
4.7 |
MEDIUM
Local
|
openldap
|
openldap-servers
|
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition …
|
CWE-362
Race Condition
|
CVE-2016-4984
|
2024-11-21 11:53 |
2017-07-17 |
|
270394
|
4.7 |
MEDIUM
Local
|
teether
|
authd
|
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.
|
CWE-362
Race Condition
|
CVE-2016-4982
|
2024-11-21 11:53 |
2017-07-17 |
|
270395
|
8.1 |
HIGH
Network
|
netapp
|
oncommand_system_manager
|
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
|
CWE-200
Information Exposure
|
CVE-2016-5045
|
2024-11-21 11:53 |
2017-07-4 |
|
270396
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-4910
|
2024-11-21 11:53 |
2017-06-10 |
|
270397
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-4909
|
2024-11-21 11:53 |
2017-06-10 |
|
270398
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-4908
|
2024-11-21 11:53 |
2017-06-10 |
|
270399
|
8.8 |
HIGH
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to obtain CSRF tokens via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-4907
|
2024-11-21 11:53 |
2017-06-10 |
|
270400
|
6.1 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4906
|
2024-11-21 11:53 |
2017-06-10 |