CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-5328 20 DoS 2017-02-06 2017-03-29
4.9
None Local Low Not required None None Complete
include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group.
2 CVE-2013-7459 119 Exec Code Overflow 2017-02-15 2017-07-01
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
3 CVE-2014-4677 77 Exec Code 2017-02-22 2018-05-02
7.2
None Local Low Not required Complete Complete Complete
The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.
4 CVE-2014-9760 79 XSS 2017-02-13 2020-02-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.
5 CVE-2014-9905 79 XSS 2017-02-17 2019-11-07
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.
6 CVE-2014-9914 362 DoS +Priv 2017-02-07 2017-07-25
7.2
None Local Low Not required Complete Complete Complete
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.
7 CVE-2014-9916 79 1 XSS 2017-02-24 2020-02-24
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php.
8 CVE-2015-1976 284 Exec Code 2017-02-08 2019-02-04
2.1
None Local Low Not required None None Partial
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
9 CVE-2015-2794 264 2017-02-06 2017-03-02
7.5
None Remote Low Not required Partial Partial Partial
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
10 CVE-2015-4049 119 DoS Overflow Mem. Corr. 2017-02-03 2017-03-14
5.6
None Remote High ??? None Partial Complete
Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption.
11 CVE-2015-4056 310 2017-02-21 2021-09-09
2.1
None Local Low Not required Partial None None
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.
12 CVE-2015-4057 200 +Info 2017-02-21 2021-09-09
5.0
None Remote Low Not required Partial None None
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.
13 CVE-2015-5013 522 2017-02-08 2021-11-09
2.1
None Local Low Not required Partial None None
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
14 CVE-2015-5677 200 +Info 2017-02-07 2017-09-10
2.1
None Local Low Not required Partial None None
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.
15 CVE-2015-6023 284 Exec Code Bypass 2017-02-09 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.
16 CVE-2015-6024 77 Exec Code 2017-02-09 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.
17 CVE-2015-7418 200 +Info 2017-02-08 2017-02-14
2.1
None Local Low Not required Partial None None
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.
18 CVE-2015-7493 200 Exec Code +Info 2017-02-08 2017-02-13
1.9
None Local Medium Not required Partial None None
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.
19 CVE-2015-7494 284 2017-02-08 2017-02-14
1.7
None Local Low ??? None Partial None
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
20 CVE-2015-7599 190 DoS Exec Code Overflow 2017-02-07 2017-11-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.
21 CVE-2015-8322 Exec Code 2017-02-07 2017-11-16
6.5
None Remote Low ??? Partial Partial Partial
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
22 CVE-2015-8544 200 +Info 2017-02-07 2017-11-16
5.0
None Remote Low Not required Partial None None
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
23 CVE-2015-8608 125 DoS Exec Code 2017-02-07 2020-07-15
7.5
None Remote Low Not required Partial Partial Partial
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
24 CVE-2015-8750 476 DoS 2017-02-13 2022-03-01
4.3
None Remote Medium Not required None None Partial
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.
25 CVE-2015-8768 264 +Priv 2017-02-13 2017-10-03
7.5
None Remote Low Not required Partial Partial Partial
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.
26 CVE-2015-8771 94 Exec Code 2017-02-13 2017-03-02
7.5
None Remote Low Not required Partial Partial Partial
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
27 CVE-2015-8831 79 XSS 2017-02-09 2017-03-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.
28 CVE-2015-8832 284 Exec Code 2017-02-09 2017-03-02
6.5
None Remote Low ??? Partial Partial Partial
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension.
29 CVE-2015-8900 835 DoS 2017-02-27 2020-07-31
4.3
None Remote Medium Not required None None Partial
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
30 CVE-2015-8901 835 DoS 2017-02-27 2020-07-31
4.3
None Remote Medium Not required None None Partial
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
31 CVE-2015-8902 835 DoS 2017-02-27 2020-07-31
4.3
None Remote Medium Not required None None Partial
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
32 CVE-2015-8903 835 DoS 2017-02-27 2020-07-31
4.3
None Remote Medium Not required None None Partial
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
33 CVE-2015-8936 79 XSS 2017-02-09 2017-02-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link.
34 CVE-2015-8979 119 DoS Overflow 2017-02-15 2017-02-23
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.
35 CVE-2016-0202 200 +Info 2017-02-08 2017-02-15
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.
36 CVE-2016-0203 200 +Info 2017-02-08 2017-02-15
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
37 CVE-2016-0206 20 2017-02-08 2017-02-15
2.1
None Local Low Not required None None Partial
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
38 CVE-2016-0210 200 +Info 2017-02-08 2017-02-15
5.0
None Remote Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response.
39 CVE-2016-0214 284 2017-02-08 2017-02-15
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.
40 CVE-2016-0217 79 XSS 2017-02-01 2019-09-30
3.5
None Remote Medium ??? None Partial None
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
41 CVE-2016-0218 79 XSS 2017-02-01 2017-04-06
3.5
None Remote Medium ??? None Partial None
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
42 CVE-2016-0265 79 XSS 2017-02-01 2017-02-05
3.5
None Remote Medium ??? None Partial None
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
43 CVE-2016-0270 200 +Info 2017-02-08 2017-11-15
4.3
None Remote Medium Not required Partial None None
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
44 CVE-2016-0296 532 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
45 CVE-2016-0297 200 +Info 2017-02-01 2017-02-05
4.3
None Remote Medium Not required Partial None None
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
46 CVE-2016-0305 79 XSS 2017-02-08 2017-02-10
3.5
None Remote Medium ??? None Partial None
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
47 CVE-2016-0307 200 +Info 2017-02-08 2017-02-10
4.0
None Remote Low ??? Partial None None
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
48 CVE-2016-0308 284 2017-02-08 2017-02-10
4.0
None Remote Low ??? None Partial None
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
49 CVE-2016-0310 79 XSS 2017-02-08 2017-02-10
3.5
None Remote Medium ??? None Partial None
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
50 CVE-2016-0320 284 2017-02-01 2017-02-13
4.0
None Remote Low ??? None Partial None
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.
Total number of vulnerabilities : 1041   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.