CVE-2016-4947
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.
Source: CVE-2016-4947
CVE-2016-6241
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
Source: CVE-2016-6241
CVE-2016-6243
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
Source: CVE-2016-6243
CVE-2016-4946
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
Source: CVE-2016-4946
CVE-2016-6242
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
Source: CVE-2016-6242
CVE-2016-6245
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
Source: CVE-2016-6245
CVE-2016-6247
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.
Source: CVE-2016-6247
CVE-2016-7135
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
Source: CVE-2016-7135
CVE-2016-6350
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.
Source: CVE-2016-6350
CVE-2016-7136
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.
Source: CVE-2016-7136