CVE-2016-4004
Published 2016-04-12
CVE-2016-4004: Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a…
Priority P340 · medium · 4.9 (CVSS 3.0)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 8.95% (94.6th percentile)
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | openmanage_server_administrator | — | — |
| linux | linux_kernel | >= 0 < 3.13.0-87.133 | 3.13.0-87.133 |
CVSS provenance
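| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.9 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | — | 8.5 | HIGH | — |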
GHSA
GHSA-8j88-pw27-gh88: Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8
ghsa_unreviewed·2022-05-17
CVE-2016-4004 [MEDIUM] CWE-22 GHSA-8j88-pw27-gh88: Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8
OSV
linux vulnerabilities
osv·2016-06-01·CVSS 8.5
CVE-2016-2117 linux vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux kernel. A remote attacker could use
this to cause a denial of service (system crash) or obtain potentially
sensitive information from kernel memory. (CVE-2015-4004)
Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)
Ralf Spenneberg
No detection rules found.
No writeups or analysis indexed.
Published: 2016-04-12