Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-1894 | NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. Published: February 07, 2017; 12:59:00 PM -0500 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-1502 | NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. Published: February 07, 2017; 12:59:00 PM -0500 | V3.0: 7.3 HIGH V2.0: 7.5 HIGH |
CVE-2015-8544 | NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. Published: February 07, 2017; 12:59:00 PM -0500 | V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-8322 | NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. Published: February 07, 2017; 12:59:00 PM -0500 | V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2015-7599 | Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. Published: February 07, 2017; 12:59:00 PM -0500 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-6104 | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. Published: February 07, 2017; 11:59:00 AM -0500 | V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-6097 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. Published: February 07, 2017; 11:59:00 AM -0500 | V3.0: 4.0 MEDIUM V2.0: 2.1 LOW |
CVE-2016-6096 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. Published: February 07, 2017; 11:59:00 AM -0500 | V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-6094 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. Published: February 07, 2017; 11:59:00 AM -0500 | V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-6092 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in clear text which can be read by a local user. Published: February 07, 2017; 11:59:00 AM -0500 | V3.0: 6.2 MEDIUM V2.0: 2.1 LOW |
CVE-2016-3020 | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. Published: February 07, 2017; 11:59:00 AM -0500 | V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-7400 | Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-7164 | The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6199 | ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-6175 | Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-6131 | The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-2781 | chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 6.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-2779 | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-2539 | Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1504 | dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. Published: February 07, 2017; 10:59:00 AM -0500 | V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |