Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-09-07 | CVE-2016-1241 | Information Exposure vulnerability in Tryton: Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. | 5.3 |
2016-09-07 | CVE-2016-7034 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite 6.3.2: The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. | 8.8 |
2016-09-07 | CVE-2016-7033 | Cross-site Scripting vulnerability in Redhat Jboss BPM Suite 6.3.2: Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-09-07 | CVE-2016-6855 | Out-of-bounds Write vulnerability in multiple products: Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. | 7.5 |
2016-09-07 | CVE-2016-6351 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. | 6.7 |
2016-09-07 | CVE-2016-6346 | Unspecified vulnerability in Redhat Resteasy: RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
2016-09-07 | CVE-2016-6345 | Information Exposure vulnerability in Redhat Resteasy: RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | 6.5 |
2016-09-07 | CVE-2016-6344 | Information Exposure vulnerability in Redhat Jboss BPM Suite 6.3: Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | 5.3 |
2016-09-06 | CVE-2016-7153 | Information Exposure vulnerability in multiple products: The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | 5.3 |
2016-09-06 | CVE-2016-7152 | Information Exposure vulnerability in multiple products: The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | 5.3 |