ID | CVSS | Summary | Last (major) update | Published
CVE-2016-8974 None
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consu
23-02-2017 - 16:59 23-02-2017 - 16:59
CVE-2016-6055 None
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d
23-02-2017 - 16:59 23-02-2017 - 16:59
CVE-2016-5883 None
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses
23-02-2017 - 16:59 23-02-2017 - 16:59
CVE-2017-6206 None
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vecto
23-02-2017 - 06:59 23-02-2017 - 06:59
CVE-2017-6205 None
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.
23-02-2017 - 06:59 23-02-2017 - 06:59
CVE-2017-6187 None
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
22-02-2017 - 23:59 22-02-2017 - 23:59
CVE-2017-6077 None
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
22-02-2017 - 23:59 22-02-2017 - 23:59
CVE-2016-1245 None
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BU
22-02-2017 - 23:59 22-02-2017 - 23:59
CVE-2017-6188 None
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
22-02-2017 - 19:59 22-02-2017 - 19:59
CVE-2016-8986 None
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
22-02-2017 - 19:59 22-02-2017 - 19:59
CVE-2016-8915 None
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.
22-02-2017 - 19:59 22-02-2017 - 19:59
CVE-2016-3052 None
IBM WebSphere MQ 8.0, under nonstandard configurations, sends password data in cleartext over the network that could be intercepted using man-in-the-middle techniques. IBM Reference #: 1998660.
22-02-2017 - 19:59 22-02-2017 - 19:59
CVE-2016-3013 None
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
22-02-2017 - 19:59 22-02-2017 - 19:59
CVE-2017-5586 None
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2017-5585 None
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users t
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-9956 None
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-9910 None
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-9909 None
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-9400 None
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-9384 None
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-9378 None
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-9377 None
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-8636 None
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2014-4677 None
The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.
22-02-2017 - 16:59 22-02-2017 - 16:59
CVE-2016-9684 10.0
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible
22-02-2017 - 05:59 22-02-2017 - 05:59
CVE-2016-9683 10.0
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) comp
22-02-2017 - 05:59 22-02-2017 - 05:59
CVE-2016-9682 10.0
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component re
22-02-2017 - 05:59 22-02-2017 - 05:59
CVE-2017-3847 3.5
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected R
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3845 4.3
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an aff
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3844 4.0
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assura
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3843 4.0
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0).
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3842 5.0
A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3841 5.0
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5).
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3840 5.8
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known A
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3839 4.0
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More In
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3838 4.3
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3837 5.5
An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure o
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3836 None
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.980
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3835 None
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3833 None
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3830 None
A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. K
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3829 None
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3828 None
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3827 None
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured use
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-3821 None
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2017-2684 None
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.
22-02-2017 - 02:59 22-02-2017 - 02:59
CVE-2016-9053 7.5
An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resu
21-02-2017 - 22:59 21-02-2017 - 22:59
CVE-2016-9051 7.5
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can l
21-02-2017 - 22:59 21-02-2017 - 22:59
CVE-2016-9049 5.0
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP
21-02-2017 - 22:59 21-02-2017 - 22:59
CVE-2017-6127 None
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID
21-02-2017 - 20:59 21-02-2017 - 20:59