| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-5328 |
20 |
|
DoS |
2017-02-06 |
2017-03-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group. |
|
2 |
CVE-2013-7459 |
119 |
|
Exec Code Overflow |
2017-02-15 |
2017-07-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. |
|
3 |
CVE-2014-4677 |
77 |
|
Exec Code |
2017-02-22 |
2018-05-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. |
|
4 |
CVE-2014-9760 |
79 |
|
XSS |
2017-02-13 |
2020-02-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. |
|
5 |
CVE-2014-9905 |
79 |
|
XSS |
2017-02-17 |
2019-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. |
|
6 |
CVE-2014-9914 |
362 |
|
DoS +Priv |
2017-02-07 |
2017-07-25 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. |
|
7 |
CVE-2014-9916 |
79 |
1
|
XSS |
2017-02-24 |
2020-02-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php. |
|
8 |
CVE-2015-1976 |
284 |
|
Exec Code |
2017-02-08 |
2019-02-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. |
|
9 |
CVE-2015-2794 |
264 |
|
|
2017-02-06 |
2017-03-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. |
|
10 |
CVE-2015-4049 |
119 |
|
DoS Overflow Mem. Corr. |
2017-02-03 |
2017-03-14 |
5.6 |
None |
Remote |
High |
??? |
None |
Partial |
Complete |
|
Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption. |
|
11 |
CVE-2015-4056 |
310 |
|
|
2017-02-21 |
2021-09-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access. |
|
12 |
CVE-2015-4057 |
200 |
|
+Info |
2017-02-21 |
2021-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. |
|
13 |
CVE-2015-5013 |
522 |
|
|
2017-02-08 |
2021-11-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. |
|
14 |
CVE-2015-5677 |
200 |
|
+Info |
2017-02-07 |
2017-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. |
|
15 |
CVE-2015-6023 |
284 |
|
Exec Code Bypass |
2017-02-09 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. |
|
16 |
CVE-2015-6024 |
77 |
|
Exec Code |
2017-02-09 |
2018-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter. |
|
17 |
CVE-2015-7418 |
200 |
|
+Info |
2017-02-08 |
2017-02-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. |
|
18 |
CVE-2015-7493 |
200 |
|
Exec Code +Info |
2017-02-08 |
2017-02-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. |
|
19 |
CVE-2015-7494 |
284 |
|
|
2017-02-08 |
2017-02-14 |
1.7 |
None |
Local |
Low |
??? |
None |
Partial |
None |
|
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. |
|
20 |
CVE-2015-7599 |
190 |
|
DoS Exec Code Overflow |
2017-02-07 |
2017-11-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. |
|
21 |
CVE-2015-8322 |
|
|
Exec Code |
2017-02-07 |
2017-11-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
|
22 |
CVE-2015-8544 |
200 |
|
+Info |
2017-02-07 |
2017-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. |
|
23 |
CVE-2015-8608 |
125 |
|
DoS Exec Code |
2017-02-07 |
2020-07-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. |
|
24 |
CVE-2015-8750 |
476 |
|
DoS |
2017-02-13 |
2022-03-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. |
|
25 |
CVE-2015-8768 |
264 |
|
+Priv |
2017-02-13 |
2017-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. |
|
26 |
CVE-2015-8771 |
94 |
|
Exec Code |
2017-02-13 |
2017-03-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. |
|
27 |
CVE-2015-8831 |
79 |
|
XSS |
2017-02-09 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. |
|
28 |
CVE-2015-8832 |
284 |
|
Exec Code |
2017-02-09 |
2017-03-02 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. |
|
29 |
CVE-2015-8900 |
835 |
|
DoS |
2017-02-27 |
2020-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. |
|
30 |
CVE-2015-8901 |
835 |
|
DoS |
2017-02-27 |
2020-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. |
|
31 |
CVE-2015-8902 |
835 |
|
DoS |
2017-02-27 |
2020-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. |
|
32 |
CVE-2015-8903 |
835 |
|
DoS |
2017-02-27 |
2020-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. |
|
33 |
CVE-2015-8936 |
79 |
|
XSS |
2017-02-09 |
2017-02-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. |
|
34 |
CVE-2015-8979 |
119 |
|
DoS Overflow |
2017-02-15 |
2017-02-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. |
|
35 |
CVE-2016-0202 |
200 |
|
+Info |
2017-02-08 |
2017-02-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain. |
|
36 |
CVE-2016-0203 |
200 |
|
+Info |
2017-02-08 |
2017-02-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to. |
|
37 |
CVE-2016-0206 |
20 |
|
|
2017-02-08 |
2017-02-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. |
|
38 |
CVE-2016-0210 |
200 |
|
+Info |
2017-02-08 |
2017-02-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. |
|
39 |
CVE-2016-0214 |
284 |
|
|
2017-02-08 |
2017-02-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. |
|
40 |
CVE-2016-0217 |
79 |
|
XSS |
2017-02-01 |
2019-09-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
|
41 |
CVE-2016-0218 |
79 |
|
XSS |
2017-02-01 |
2017-04-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
|
42 |
CVE-2016-0265 |
79 |
|
XSS |
2017-02-01 |
2017-02-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
|
43 |
CVE-2016-0270 |
200 |
|
+Info |
2017-02-08 |
2017-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. |
|
44 |
CVE-2016-0296 |
532 |
|
|
2017-02-01 |
2017-02-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. |
|
45 |
CVE-2016-0297 |
200 |
|
+Info |
2017-02-01 |
2017-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. |
|
46 |
CVE-2016-0305 |
79 |
|
XSS |
2017-02-08 |
2017-02-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
|
47 |
CVE-2016-0307 |
200 |
|
+Info |
2017-02-08 |
2017-02-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. |
|
48 |
CVE-2016-0308 |
284 |
|
|
2017-02-08 |
2017-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. |
|
49 |
CVE-2016-0310 |
79 |
|
XSS |
2017-02-08 |
2017-02-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. |
|
50 |
CVE-2016-0320 |
284 |
|
|
2017-02-01 |
2017-02-13 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes. |
