The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2016-8656 | Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation. | MEDIUM | May 23, 2018 |
CVE-2016-8655 | Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. | HIGH | Dec 8, 2016 |
CVE-2016-8654 | A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. | MEDIUM | Aug 2, 2018 |
CVE-2016-8653 | It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack. | MEDIUM | Aug 2, 2018 |
CVE-2016-8652 | The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | MEDIUM | Feb 22, 2017 |
CVE-2016-8651 | An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. | LOW | Aug 2, 2018 |
CVE-2016-8650 | The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | MEDIUM | Nov 28, 2016 |
CVE-2016-8649 | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host\'s /proc, to access the rest of the host\'s filesystem via the openat() family of syscalls. | HIGH | May 1, 2017 |
CVE-2016-8648 | It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath. | MEDIUM | Aug 2, 2018 |
CVE-2016-8647 | An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. | MEDIUM | Jul 26, 2018 |
CVE-2016-8646 | The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. | MEDIUM | Nov 28, 2016 |
CVE-2016-8645 | It was discovered that the Linux kernel, from at least v4.0 until v4.9-rc1, can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash. | MEDIUM | Nov 10, 2016 |
CVE-2016-8644 | In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | MEDIUM | Jan 25, 2017 |
CVE-2016-8643 | In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | MEDIUM | Jan 25, 2017 |
CVE-2016-8642 | In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. | MEDIUM | Jan 25, 2017 |
CVE-2016-8641 | A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. | HIGH | Aug 2, 2018 |
CVE-2016-8640 | A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to. | HIGH | Aug 2, 2018 |
CVE-2016-8639 | It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface. | LOW | Aug 2, 2018 |
CVE-2016-8638 | A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. | MEDIUM | Jul 12, 2017 |
CVE-2016-8637 | A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when \'early cpio\' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials. | LOW | Aug 2, 2018 |
CVE-2016-8636 | Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the RDMA protocol over infiniband (aka Soft RoCE) technology. | HIGH | Feb 23, 2017 |
CVE-2016-8635 | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. | MEDIUM | Aug 2, 2018 |
CVE-2016-8634 | A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL. | LOW | Aug 2, 2018 |
CVE-2016-8633 | drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. | MEDIUM | Nov 28, 2016 |
CVE-2016-8632 | The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. | HIGH | Nov 28, 2016 |
CVE-2016-8631 | The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site. | MEDIUM | Aug 1, 2018 |
CVE-2016-8630 | The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. | MEDIUM | Nov 28, 2016 |
CVE-2016-8629 | Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm. | MEDIUM | Mar 12, 2018 |
CVE-2016-8628 | Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. | HIGH | Aug 1, 2018 |
CVE-2016-8627 | admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. | MEDIUM | May 12, 2018 |
CVE-2016-8626 | A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. | MEDIUM | Aug 1, 2018 |
CVE-2016-8625 | curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. | MEDIUM | Nov 11, 2016 |
CVE-2016-8624 | curl before version 7.51.0 doesn\'t parse the authority component of the URL correctly when the host name part ends with a \'#\' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. | MEDIUM | Nov 11, 2016 |
CVE-2016-8623 | A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. | MEDIUM | Nov 11, 2016 |
CVE-2016-8622 | The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. | HIGH | Nov 11, 2016 |
CVE-2016-8621 | The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | MEDIUM | Nov 11, 2016 |
CVE-2016-8620 | The \'globbing\' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | HIGH | Nov 11, 2016 |
CVE-2016-8619 | The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. | HIGH | Nov 11, 2016 |
CVE-2016-8618 | The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. | HIGH | Nov 11, 2016 |
CVE-2016-8617 | The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. | MEDIUM | Nov 11, 2016 |
CVE-2016-8616 | A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. | MEDIUM | Nov 11, 2016 |
CVE-2016-8615 | A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. | MEDIUM | Nov 11, 2016 |
CVE-2016-8614 | A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. | MEDIUM | Aug 1, 2018 |
CVE-2016-8613 | A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability. | MEDIUM | Aug 1, 2018 |
CVE-2016-8612 | Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | LOW | Mar 10, 2018 |
CVE-2016-8611 | A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. | MEDIUM | Aug 2, 2018 |
CVE-2016-8610 | A denial of service flaw was found in the way the SSL/TLS protocol, defined processing of ALERT packets during an SSL handshake. An attacker could use this flaw to DoS servers compiled against cryptographic libraries, which do not allocate an extra thread to process ClientHello packets. | MEDIUM | Nov 11, 2016 |
CVE-2016-8609 | It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks. | MEDIUM | Aug 2, 2018 |
CVE-2016-8608 | JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins. | LOW | Aug 2, 2018 |
CVE-2016-8606 | The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | HIGH | Jan 12, 2017 |