Vulnerabilities

08.06.2016

CVE-2016-4365

HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.
08.06.2016

CVE-2016-4364

HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.
08.06.2016

CVE-2016-4363

HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.
08.06.2016

CVE-2016-4362

HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
08.06.2016

CVE-2016-4361

HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors.
08.06.2016

CVE-2016-4360

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.
08.06.2016

CVE-2016-4359

Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.
08.06.2016

CVE-2016-4358

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.
08.06.2016

CVE-2016-4357

HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.
08.06.2016

CVE-2016-3738

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
08.06.2016

CVE-2016-3711

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
08.06.2016

CVE-2016-3708

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
08.06.2016

CVE-2016-3703

Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
08.06.2016

CVE-2016-2160

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
08.06.2016

CVE-2016-2149

Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
08.06.2016

CVE-2016-2142

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
08.06.2016

CVE-2016-2078

Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.
08.06.2016

CVE-2016-2030

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.
08.06.2016

CVE-2016-2029

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
08.06.2016

CVE-2016-2028

HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.