2016 VULNERABILITY DATABASE

 

CVE-2015-5158

Summary: Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.

Published: 4/11/2016 9:59:20 PM

 

CVE-2015-8710

Summary: The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Published: 4/11/2016 5:59:15 PM

 

CVE-2015-8708

Summary: Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.

Published: 4/11/2016 5:59:14 PM

 

CVE-2015-8614

Summary: Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.

Published: 4/11/2016 5:59:13 PM

 

CVE-2015-8604

Summary: SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.

Published: 4/11/2016 5:59:12 PM

 

CVE-2015-8399

Summary: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.

Published: 4/11/2016 5:59:11 PM

 

CVE-2015-8398

Summary: Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.

Published: 4/11/2016 5:59:10 PM

 

CVE-2015-7528

Summary: Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.

Published: 4/11/2016 5:59:09 PM

 

CVE-2015-7502

Summary: Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

Published: 4/11/2016 5:59:08 PM

 

CVE-2015-7330

Summary: Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.

Published: 4/11/2016 5:59:07 PM

 

CVE-2015-5349

Summary: The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.

Published: 4/11/2016 5:59:06 PM

 

CVE-2015-5329

Summary: The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.

Published: 4/11/2016 5:59:05 PM

 

CVE-2015-5313

Summary: Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

Published: 4/11/2016 5:59:04 PM

 

CVE-2015-5303

Summary: The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

Published: 4/11/2016 5:59:03 PM

 

CVE-2015-5233

Summary: Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.

Published: 4/11/2016 5:59:01 PM

 

CVE-2014-9759

Summary: Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.

Published: 4/11/2016 5:59:00 PM

 

CVE-2016-0735

Summary: Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.

Published: 4/11/2016 3:59:02 PM

 

CVE-2015-0266

Summary: The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.

Published: 4/11/2016 3:59:01 PM

 

CVE-2015-0265

Summary: Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.

Published: 4/11/2016 3:59:00 PM

 

CVE-2016-3678

Summary: Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.

Published: 4/11/2016 11:59:10 AM

 

 

<<< Newer  Older >>>