Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6235 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. | |||||
| CVE-2016-5958 | 1 Ibm | 1 Security Privileged Identity Manager | 2017-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. | |||||
| CVE-2016-8931 | 1 Ibm | 1 Kenexa Lms | 2017-02-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2016-0396 | 1 Ibm | 1 Bigfix Platform | 2017-02-07 | 6.8 MEDIUM | 8.1 HIGH |
| IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | |||||
| CVE-2016-0394 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2017-02-07 | 2.1 LOW | 3.3 LOW |
| IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | |||||
| CVE-2016-6103 | 1 Ibm | 1 Security Key Lifecycle Manager | 2017-02-07 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2016-8930 | 1 Ibm | 1 Kenexa Lms | 2017-02-07 | 6.5 MEDIUM | 7.6 HIGH |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2016-6080 | 1 Ibm | 1 Websphere Message Broker | 2017-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | |||||
| CVE-2016-6238 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file. | |||||
| CVE-2016-8911 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2016-6095 | 1 Ibm | 1 Security Key Lifecycle Manager | 2017-02-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
| CVE-2016-8913 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-3176 | 1 Saltstack | 1 Salt | 2017-02-07 | 4.3 MEDIUM | 5.6 MEDIUM |
| Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | |||||
| CVE-2016-6237 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. | |||||
| CVE-2016-8932 | 1 Ibm | 1 Kenexa Lms | 2017-02-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2016-8912 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. | |||||
| CVE-2016-5115 | 1 Libavformat Project | 1 Libavformat | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | |||||
| CVE-2016-8411 | 1 Google | 1 Android | 2017-02-07 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775. | |||||
| CVE-2016-2987 | 1 Ibm | 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more | 2017-02-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | |||||
| CVE-2016-5897 | 1 Ibm | 1 Jazz Reporting Service | 2017-02-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||