|
269151
|
8.8 |
HIGH
Network
|
juniper
|
junos_space
|
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
|
CWE-77
Command Injection
|
CVE-2016-4929
|
2024-11-21 11:53 |
2017-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269152
|
8.8 |
HIGH
Network
|
juniper
|
junos_space
|
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.
|
CWE-352
Origin Validation Error
|
CVE-2016-4928
|
2024-11-21 11:53 |
2017-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269153
|
8.1 |
HIGH
Network
|
juniper
|
junos_space
|
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.
|
CWE-20
Improper Input Validation
|
CVE-2016-4927
|
2024-11-21 11:53 |
2017-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269154
|
9.8 |
CRITICAL
Network
|
juniper
|
junos_space
|
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authe…
|
CWE-287
Improper Authentication
|
CVE-2016-4926
|
2024-11-21 11:53 |
2017-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269155
|
9.8 |
CRITICAL
Network
|
imagemagick
|
imagemagick
|
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-5239
|
2024-11-21 11:53 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269156
|
7.5 |
HIGH
Network
|
cloudera
|
manager
|
Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions.
|
CWE-200
Information Exposure
|
CVE-2016-4950
|
2024-11-21 11:53 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269157
|
7.5 |
HIGH
Network
|
cloudera
|
manager
|
Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.
|
CWE-200
Information Exposure
|
CVE-2016-4949
|
2024-11-21 11:53 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269158
|
6.1 |
MEDIUM
Network
|
cloudera
|
manager
|
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a t…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4948
|
2024-11-21 11:53 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269159
|
5.3 |
MEDIUM
Network
|
cloudera
|
hue
|
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.
|
CWE-200
Information Exposure
|
CVE-2016-4947
|
2024-11-21 11:53 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269160
|
6.1 |
MEDIUM
Network
|
cloudera
|
hue
|
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in th…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4946
|
2024-11-21 11:53 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
