|
268721
|
7.5 |
HIGH
Network
|
docker
|
docker
|
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or m…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8867
|
2024-11-21 12:00 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268722
|
6.1 |
MEDIUM
Network
|
hp
|
airwave
|
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting …
|
CWE-79
Cross-site Scripting
|
CVE-2016-8527
|
2024-11-21 11:59 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268723
|
8.8 |
HIGH
Network
|
hp
|
airwave
|
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If…
|
CWE-611
XXE
|
CVE-2016-8526
|
2024-11-21 11:59 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268724
|
9.1 |
CRITICAL
Network
|
pycsw
|
pycsw
|
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to…
|
CWE-89
SQL Injection
|
CVE-2016-8640
|
2024-11-21 11:59 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268725
|
8.1 |
HIGH
Network
|
redhat
|
keycloak
|
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session…
|
CWE-287
Improper Authentication
|
CVE-2016-8609
|
2024-11-21 11:59 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268726
|
7.8 |
HIGH
Local
|
jasper_project
redhat
debian
|
jasper
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
debian_linux
enterprise_linux_server_aus
enterprise_linux_server_eus
|
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-8654
|
2024-11-21 11:59 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268727
|
3.5 |
LOW
Adjacent
|
redhat
|
openshift
openshift_container_platform
|
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access …
|
-
|
CVE-2016-8651
|
2024-11-21 11:59 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268728
|
5.3 |
MEDIUM
Network
|
redhat
|
jboss_a-mq
jboss_fuse
|
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.
|
-
|
CVE-2016-8653
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268729
|
7.2 |
HIGH
Network
|
redhat
|
jboss_a-mq
jboss_fuse
|
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute …
|
-
|
CVE-2016-8648
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268730
|
7.8 |
HIGH
Local
|
nagios
|
nagios
|
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the loca…
|
-
|
CVE-2016-8641
|
2024-11-21 11:59 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
