|
268121
|
4.8 |
MEDIUM
Network
|
apache
|
ranger
|
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal us…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8751
|
2024-11-21 11:59 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268122
|
5.9 |
MEDIUM
Network
|
apache
|
ranger
|
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
|
CWE-426
Untrusted Search Path
|
CVE-2016-8746
|
2024-11-21 11:59 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268123
|
6.5 |
MEDIUM
Network
|
cloudfoundry
|
capi-release
cf-release
|
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability t…
|
CWE-269
Improper Privilege Management
|
CVE-2016-8219
|
2024-11-21 11:59 |
2017-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268124
|
9.8 |
CRITICAL
Network
|
cloudfoundry
|
cf-release
routing-release
|
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can all…
|
CWE-20
Improper Input Validation
|
CVE-2016-8218
|
2024-11-21 11:59 |
2017-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268125
|
7.5 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificat…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-8231
|
2024-11-21 11:59 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268126
|
7.5 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
|
CWE-200
Information Exposure
|
CVE-2016-8230
|
2024-11-21 11:59 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268127
|
8.8 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
|
CWE-352
Origin Validation Error
|
CVE-2016-8229
|
2024-11-21 11:59 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268128
|
7.8 |
HIGH
Local
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8228
|
2024-11-21 11:59 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268129
|
7.5 |
HIGH
Network
|
apache
|
qpid_broker-j
|
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 Authenticat…
|
CWE-200
Information Exposure
|
CVE-2016-8741
|
2024-11-21 11:59 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268130
|
9.1 |
CRITICAL
Network
|
linuxcontainers
|
lxc
|
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's f…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8649
|
2024-11-21 11:59 |
2017-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
