Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-30 | CVE-2016-0617 | Unspecified vulnerability in Oracle Linux 6.0 Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors. | 5.5 |
| 2016-09-30 | CVE-2016-6651 | Permissions, Privileges, and Access Controls vulnerability in multiple products The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token. | 8.8 |
| 2016-09-30 | CVE-2016-6647 | Cross-site Scripting vulnerability in EMC Vipr SRM Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-09-30 | CVE-2016-6637 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page. | 9.6 |
| 2016-09-30 | CVE-2016-6636 | Open Redirect vulnerability in multiple products The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. | 5.3 |
| 2016-09-29 | CVE-2016-4386 | Unspecified vulnerability in HP Network Automation 10.10 HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. | 7.8 |
| 2016-09-29 | CVE-2016-4385 | Deserialization of Untrusted Data vulnerability in HP Network Automation The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries. | 7.3 |
| 2016-09-29 | CVE-2016-7090 | Information Exposure vulnerability in Siemens Scalance M-800 Firmware and Scalance S615 Firmware The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 4.0 |
| 2016-09-29 | CVE-2016-5176 | Improper Access Control vulnerability in Google Chrome Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | 6.5 |
| 2016-09-29 | CVE-2016-5062 | Incorrect Resource Transfer Between Spheres vulnerability in Aternity 9.0 The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. | 9.8 |