|
270801
|
6.1 |
MEDIUM
Network
|
juniper
|
junos
|
Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data …
|
CWE-79
Cross-site Scripting
|
CVE-2016-4923
|
2024-11-21 11:53 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270802
|
7.8 |
HIGH
Local
|
juniper
|
junos
|
Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permiss…
|
CWE-77
Command Injection
|
CVE-2016-4922
|
2024-11-21 11:53 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270803
|
7.5 |
HIGH
Network
|
juniper
|
junos
|
By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitim…
|
CWE-399
Resource Management Errors
|
CVE-2016-4921
|
2024-11-21 11:53 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270804
|
5.5 |
MEDIUM
Local
|
apache
|
hadoop
|
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft …
|
CWE-200
Information Exposure
|
CVE-2016-5001
|
2024-11-21 11:53 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270805
|
9.1 |
CRITICAL
Network
|
apache
netapp
canonical
debian
redhat
oracle
|
tomcat
snap_creator_framework
oncommand_insight
oncommand_shift
ubuntu_linux
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
jboss_enterprise_application_pl…
|
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomca…
|
NVD-CWE-noinfo
|
CVE-2016-5018
|
2024-11-21 11:53 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270806
|
7.0 |
HIGH
Local
|
redhat
|
satellite
|
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local u…
|
CWE-255
Credentials Management
|
CVE-2016-4996
|
2024-11-21 11:53 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270807
|
4.7 |
MEDIUM
Local
|
openldap
|
openldap-servers
|
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition …
|
CWE-362
Race Condition
|
CVE-2016-4984
|
2024-11-21 11:53 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270808
|
4.7 |
MEDIUM
Local
|
teether
|
authd
|
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.
|
CWE-362
Race Condition
|
CVE-2016-4982
|
2024-11-21 11:53 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270809
|
8.1 |
HIGH
Network
|
netapp
|
oncommand_system_manager
|
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
|
CWE-200
Information Exposure
|
CVE-2016-5045
|
2024-11-21 11:53 |
2017-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270810
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-4910
|
2024-11-21 11:53 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
