Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5577 | 1 Linux | 1 Linux Kernel | 2017-02-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. | |||||
| CVE-2016-6085 | 1 Ibm | 1 Bigfix Platform | 2017-02-08 | 3.3 LOW | 6.5 MEDIUM |
| IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | |||||
| CVE-2016-6122 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users. | |||||
| CVE-2016-5026 | 1 Onionshare | 1 Onionshare | 2017-02-08 | 2.1 LOW | 5.5 MEDIUM |
| hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. | |||||
| CVE-2016-6040 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-02-08 | 6.0 MEDIUM | 5.0 MEDIUM |
| IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | |||||
| CVE-2016-6099 | 1 Ibm | 1 Security Key Lifecycle Manager | 2017-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | |||||
| CVE-2017-5882 | 1 Sanadata | 1 Sanacms | 2017-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2016-6163 | 1 Gnome | 1 Librsvg | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. | |||||
| CVE-2016-6234 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. | |||||
| CVE-2016-5966 | 1 Ibm | 1 Security Privileged Identity Manager | 2017-02-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2016-6236 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. | |||||
| CVE-2016-6116 | 1 Ibm | 1 Security Key Lifecycle Manager | 2017-02-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2016-4352 | 1 Libavformat Project | 1 Libavformat | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. | |||||
| CVE-2016-8929 | 1 Ibm | 1 Kenexa Lms | 2017-02-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2016-6084 | 1 Ibm | 1 Bigfix Platform | 2017-02-07 | 3.3 LOW | 6.5 MEDIUM |
| IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | |||||
| CVE-2016-5988 | 1 Ibm | 1 Security Privileged Identity Manager | 2017-02-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | |||||
| CVE-2016-5990 | 1 Ibm | 1 Security Privileged Identity Manager | 2017-02-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. | |||||
| CVE-2016-6126 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-8933 | 1 Ibm | 1 Kenexa Lms | 2017-02-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-6235 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. | |||||
| CVE-2016-6080 | 1 Ibm | 1 Websphere Message Broker | 2017-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | |||||
| CVE-2016-6238 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file. | |||||
| CVE-2016-8911 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2016-8913 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-3176 | 1 Saltstack | 1 Salt | 2017-02-07 | 4.3 MEDIUM | 5.6 MEDIUM |
| Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | |||||
| CVE-2016-6237 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. | |||||
| CVE-2016-8912 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. | |||||
| CVE-2016-5115 | 1 Libavformat Project | 1 Libavformat | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | |||||
| CVE-2016-2987 | 1 Ibm | 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more | 2017-02-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | |||||
| CVE-2016-5897 | 1 Ibm | 1 Jazz Reporting Service | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2016-5898 | 1 Ibm | 1 Jazz Reporting Service | 2017-02-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information. | |||||
| CVE-2016-5899 | 1 Ibm | 1 Jazz Reporting Service | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6047 | 1 Ibm | 1 Jazz Reporting Service | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6039 | 1 Ibm | 1 Jazz Reporting Service | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6030 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6061 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6054 | 1 Ibm | 1 Jazz Reporting Service | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6028 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-02-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. | |||||
| CVE-2016-9411 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails. | |||||
| CVE-2016-9413 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2016-7569 | 1 Docker2aci Project | 1 Docker2aci | 2017-02-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. | |||||
| CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2017-02-05 | 3.5 LOW | 5.7 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-3035 | 1 Ibm | 1 Security Appscan Source | 2017-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. | |||||
| CVE-2016-2050 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. | |||||
| CVE-2016-5942 | 1 Ibm | 1 Kenexa Lms | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6125 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6123 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-5940 | 1 Ibm | 1 Kenexa Lms | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-8920 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-0265 | 1 Ibm | 1 Campaign | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||