Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.3.39
There are 2,518 matching records.
Displaying matches 681 through 700.
Vuln ID Summary CVSS Severity
CVE-2016-8963

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

Published: February 01, 2017; 5:59:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-6110

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.

Published: February 01, 2017; 5:59:00 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-8967

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

Published: February 01, 2017; 4:59:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-0371

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.

Published: February 01, 2017; 4:59:00 PM -0500
V3.0: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2016-8981

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

Published: February 01, 2017; 3:59:03 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-8980

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Published: February 01, 2017; 3:59:03 PM -0500
V3.0: 8.1 HIGH
V2.0: 7.5 HIGH
CVE-2016-8966

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Published: February 01, 2017; 3:59:03 PM -0500
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-8961

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Published: February 01, 2017; 3:59:03 PM -0500
V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-9795

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

Published: January 27, 2017; 5:59:02 PM -0500
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-10086

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

Published: January 18, 2017; 5:59:00 PM -0500
V3.0: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).

Published: January 18, 2017; 4:59:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-2584

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.

Published: January 14, 2017; 9:59:02 PM -0500
V3.0: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2017-2938

Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections.

Published: January 10, 2017; 11:59:00 PM -0500
V3.0: 7.3 HIGH
V2.0: 7.5 HIGH
CVE-2017-2937

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.

Published: January 10, 2017; 11:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2017-2936

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.

Published: January 10, 2017; 11:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2017-2935

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.

Published: January 10, 2017; 11:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2017-2934

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.

Published: January 10, 2017; 11:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2017-2933

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.

Published: January 10, 2017; 11:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2017-2932

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.

Published: January 10, 2017; 11:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2017-2931

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.

Published: January 10, 2017; 11:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH