Skip to main content
CVE-2016-4425 MEDIUM PATCH This Month

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jansson
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-3724 MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-0323 MEDIUM This Month

The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass Bluemix
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-0306 MEDIUM This Month

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-3721 MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Code Injection Openshift
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2016-3722 MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Denial Of Service Privilege Escalation Openshift
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-3725 MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Denial Of Service Privilege Escalation Openshift
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-3727 MEDIUM PATCH This Month

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-3723 MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy