Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-11 | CVE-2015-8604 | SQL Injection vulnerability in Cacti SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | 6.5 |
| 2016-04-11 | CVE-2015-8399 | Information Exposure vulnerability in Atlassian Confluence Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. | 4.0 |
| 2016-04-11 | CVE-2015-8398 | Cross-site Scripting vulnerability in Atlassian Confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | 4.3 |
| 2016-04-11 | CVE-2015-7528 | Information Exposure vulnerability in multiple products Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | 5.3 |
| 2016-04-11 | CVE-2015-7502 | Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. | 5.1 |
| 2016-04-11 | CVE-2015-7330 | 7PK - Security Features vulnerability in Puppet Enterprise 2015.3.0 Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. | 6.5 |
| 2016-04-11 | CVE-2015-5303 | 7PK - Security Features vulnerability in Openstack Tripleo Heat Templates The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. | 5.0 |
| 2016-04-11 | CVE-2015-5233 | Permissions, Privileges, and Access Controls vulnerability in multiple products Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. | 4.2 |
| 2016-04-11 | CVE-2014-9759 | Information Exposure vulnerability in Mantisbt 1.3.0 Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request. | 5.0 |
| 2016-04-11 | CVE-2016-0735 | Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.5.0/0.5.1 Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy. | 6.5 |