Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2016
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.0
Published
2016-06-09
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.0
Published
2016-06-09
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.205
Published
2016-06-09
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
CVSS Score
9.1
EPSS Score
0.039
Published
2016-06-09
CVE-2016-4523
Known exploited
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.686
Published
2016-06-09
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.
CVSS Score
9.1
EPSS Score
0.021
Published
2016-06-09
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.005
Published
2016-06-09
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
CVSS Score
9.8
EPSS Score
0.002
Published
2016-06-09
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
CVSS Score
8.8
EPSS Score
0.01
Published
2016-06-08
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
CVSS Score
3.3
EPSS Score
0.001
Published
2016-06-08


Contact Us

Shodan ® - All rights reserved