CVE-2016-4972 (mitaka-murano, murano, murano-dashboard, python-muranoclient)

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

Source: CVE-2016-4972 (mitaka-murano, murano, murano-dashboard, python-muranoclient)

CVE-2016-4972

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

Source: CVE-2016-4972

CVE-2016-3639 (hana_db)

SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.

Source: CVE-2016-3639 (hana_db)

CVE-2016-3639

SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.

Source: CVE-2016-3639

CVE-2016-7162 (file_roller, ubuntu_linux)

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

Source: CVE-2016-7162 (file_roller, ubuntu_linux)

CVE-2016-7162

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

Source: CVE-2016-7162

CVE-2016-7142 (debian_linux, inspircd)

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

Source: CVE-2016-7142 (debian_linux, inspircd)

CVE-2016-7142

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

Source: CVE-2016-7142

CVE-2016-6518 (s12700_firmware, s5300_firmware, s5700_firmware, s6300_firmware, s6700_firmware, s7700_firmware, s9300_firmware, s9700_firmware)

Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets.

Source: CVE-2016-6518 (s12700_firmware, s5300_firmware, s5700_firmware, s6300_firmware, s6700_firmware, s7700_firmware, s9300_firmware, s9700_firmware)

CVE-2016-6518

Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets.

Source: CVE-2016-6518