Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-05 | CVE-2016-4999 | SQL Injection vulnerability in Redhat products SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | 9.8 |
| 2016-08-05 | CVE-2016-1278 | Improper Authentication vulnerability in Juniper Junos 12.1X44/12.1X46 Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. | 7.8 |
| 2016-08-05 | CVE-2016-1276 | Resource Management Errors vulnerability in Juniper Junos Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules. | 5.9 |
| 2016-08-05 | CVE-2016-0782 | Cross-site Scripting vulnerability in Apache Activemq The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. | 5.4 |
| 2016-08-05 | CVE-2015-8945 | Credentials Management vulnerability in Openshift Origin openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. | 5.1 |
| 2016-08-05 | CVE-2016-6150 | Improper Access Control vulnerability in SAP Hana The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550. | 9.8 |
| 2016-08-05 | CVE-2016-6149 | Information Exposure vulnerability in SAP Hana Sps09 1.00.091.00.14186593 SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | 5.5 |
| 2016-08-05 | CVE-2016-6148 | Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136. | 7.5 |
| 2016-08-05 | CVE-2016-6147 | OS Command Injection vulnerability in SAP Trex 7.10 An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | 9.8 |
| 2016-08-05 | CVE-2016-6145 | Information Exposure vulnerability in SAP Hana DB 1.00.091.00.1418659308 The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | 5.3 |