CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2017

Each entry below is one row of the source table: row number, CVE ID, CWE ID, vulnerability type(s) as tagged by the site (+Info = information disclosure, +Priv = privilege escalation, Exec Code = code execution, Dir. Trav. = directory traversal, Mem. Corr. = memory corruption, Sql = SQL injection; "-" where the site gives none), publish date, last update date, CVSS v2 base score and the CVSS v2 base vector (AV access vector: N remote, L local; AC access complexity: L low, M medium; Au authentication: N not required, S single; C, I, A confidentiality, integrity and availability impact: N none, P partial, C complete), followed by the description. The source's "# of Exploits" column is empty for every row on this page and its "Gained Access Level" column reads "None" throughout, so both are omitted. Where the source prints "???" in the Authentication column, the listed score is reproduced only by Au:S (single authentication), which also matches the "authenticated" wording of those descriptions; the vectors below use that value.

451  CVE-2016-9314  CWE-200  +Info  published 2017-02-21, updated 2017-07-25  CVSS v2 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to back up the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.

452  CVE-2016-9269  CWE-264  Exec Code  published 2017-02-21, updated 2017-07-25  CVSS v2 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via the Patch Update functionality. This was resolved in Version 6.5 CP 1737.

453  CVE-2016-9261  CWE-79  XSS  published 2017-02-28, updated 2021-08-31  CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

454  CVE-2016-9259  CWE-79  XSS  published 2017-02-28, updated 2017-03-01  CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

455  CVE-2016-9244  CWE-200  +Info  published 2017-02-09, updated 2019-06-06  CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

456  CVE-2016-9225  CWE-399  DoS  published 2017-02-01, updated 2019-10-09  CVSS v2 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946.

457  CVE-2016-9139  CWE-79  XSS  published 2017-02-17, updated 2017-02-18  CVSS v2 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.

458  CVE-2016-9108  CWE-190  DoS Overflow  published 2017-02-03, updated 2020-04-22  CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.

459  CVE-2016-9085  CWE-190  Overflow  published 2017-02-03, updated 2021-02-25  CVSS v2 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.

460  CVE-2016-9082  CWE-190  DoS Overflow  published 2017-02-03, updated 2019-04-02  CVSS v2 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.

461  CVE-2016-9053  CWE-129  Exec Code  published 2017-02-21, updated 2022-04-19  CVSS v2 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.

462  CVE-2016-9051  CWE-787  Exec Code Mem. Corr.  published 2017-02-21, updated 2022-04-19  CVSS v2 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability.

463  CVE-2016-9049  CWE-476  -  published 2017-02-21, updated 2022-04-19  CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability.

464  CVE-2016-9010  CWE-254  -  published 2017-02-15, updated 2017-03-07  CVSS v2 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.

465  CVE-2016-9009  CWE-264  DoS  published 2017-02-24, updated 2017-03-02  CVSS v2 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.

466  CVE-2016-9008  CWE-284  -  published 2017-02-01, updated 2017-02-13  CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.

467  CVE-2016-9005  CWE-284  -  published 2017-02-08, updated 2017-02-17  CVSS v2 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network to change a user's password and gain remote access to the system.

468  CVE-2016-9000  CWE-79  XSS  published 2017-02-01, updated 2017-07-27  CVSS v2 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.

469  CVE-2016-8999  CWE-79  XSS  published 2017-02-01, updated 2017-07-27  CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
IBM InfoSphere Information Server contains a path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode, thereby facilitating the injection of malicious CSS.

470  CVE-2016-8998  CWE-119  Exec Code Overflow  published 2017-02-24, updated 2017-03-02  CVSS v2 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.

471  CVE-2016-8986  CWE-284  -  published 2017-02-22, updated 2017-03-02  CVSS v2 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.

472  CVE-2016-8982  CWE-200  +Info  published 2017-02-01, updated 2017-07-26  CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the Referer header or browser history.

473  CVE-2016-8981  CWE-200  +Info  published 2017-02-01, updated 2017-02-13  CVSS v2 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

474  CVE-2016-8980  CWE-611  DoS  published 2017-02-01, updated 2017-02-13  CVSS v2 7.5 (AV:N/AC:L/Au:S/C:P/I:N/A:C)
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

475  CVE-2016-8977  CWE-200  +Info  published 2017-02-01, updated 2017-02-13  CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

476  CVE-2016-8974  CWE-611  DoS  published 2017-02-23, updated 2017-03-02  CVSS v2 7.5 (AV:N/AC:L/Au:S/C:P/I:N/A:C)
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798.

477  CVE-2016-8972  CWE-264  +Priv  published 2017-02-15, updated 2021-08-31  CVSS v2 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

478  CVE-2016-8968  CWE-79  XSS  published 2017-02-15, updated 2017-07-25  CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.

479  CVE-2016-8967  CWE-255  -  published 2017-02-01, updated 2017-02-09  CVSS v2 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
IBM BigFix Inventory v9 9.2 stores user credentials in clear text which can be read by a local user.

480  CVE-2016-8966  CWE-200  +Info  published 2017-02-01, updated 2017-02-13  CVSS v2 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.

481  CVE-2016-8963  CWE-200  +Info  published 2017-02-01, updated 2017-02-13  CVSS v2 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

482  CVE-2016-8961  CWE-601  +Info  published 2017-02-01, updated 2017-02-13  CVSS v2 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

483  CVE-2016-8954  CWE-798  -  published 2017-02-08, updated 2017-02-15  CVSS v2 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.

484  CVE-2016-8944  CWE-20  -  published 2017-02-15, updated 2017-07-25  CVSS v2 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

485  CVE-2016-8943  CWE-79  XSS  published 2017-02-01, updated 2017-02-13  CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

486  CVE-2016-8942  CWE-284  -  published 2017-02-01, updated 2017-02-13  CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.

487  CVE-2016-8941  CWE-352  CSRF  published 2017-02-01, updated 2017-06-08  CVSS v2 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

488  CVE-2016-8938  CWE-284  Exec Code  published 2017-02-01, updated 2017-02-13  CVSS v2 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customers' production applications.

489  CVE-2016-8936  CWE-79  XSS  published 2017-02-01, updated 2017-02-15  CVSS v2 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

490  CVE-2016-8934  CWE-79  XSS  published 2017-02-01, updated 2017-02-09  CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

491  CVE-2016-8933  CWE-22  Dir. Trav.  published 2017-02-01, updated 2017-02-07  CVSS v2 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

492  CVE-2016-8932  CWE-284  Exec Code  published 2017-02-01, updated 2017-02-07  CVSS v2 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

493  CVE-2016-8931  CWE-284  Exec Code  published 2017-02-01, updated 2017-02-07  CVSS v2 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

494  CVE-2016-8930  CWE-89  Sql  published 2017-02-01, updated 2017-02-07  CVSS v2 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

495  CVE-2016-8929  CWE-89  Sql  published 2017-02-01, updated 2017-02-07  CVSS v2 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

496  CVE-2016-8928  CWE-89  Sql  published 2017-02-01, updated 2017-02-07  CVSS v2 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

497  CVE-2016-8922  CWE-79  XSS  published 2017-02-01, updated 2017-02-28  CVSS v2 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

498  CVE-2016-8921  CWE-434  Exec Code  published 2017-02-01, updated 2017-02-13  CVSS v2 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

499  CVE-2016-8920  CWE-79  XSS  published 2017-02-01, updated 2017-02-05  CVSS v2 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
IBM Kenexa LMS on Cloud 13.1 and 13.2 through 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

500  CVE-2016-8919  CWE-399  DoS  published 2017-02-01, updated 2017-02-13  CVSS v2 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
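The following is an added worked example (editor's code, not part of the CVEdetails page and not from any vendor advisory): it parses rows in the three-line form in which the listing above is rendered (header line, score line, metrics line), recomputes the CVSS v2 base score from the access, complexity, authentication and impact columns using the CVSS v2.0 base equation, and reconstructs the base vector. The sample rows are copied from this page; the function names (base_score, parse_rows, resolve_auth, vectors_for) and the dict layout are the example's own. Where the listing prints "???" for Authentication, the code tries all three Au values and keeps the one that reproduces the listed score, which for every such row on this page is Au:S.

```python
import re
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 base-metric weights from the CVSS v2.0 specification, keyed by the
# words the CVEdetails listing uses; each value is (vector code, weight).
AV = {"Local": ("L", 0.395), "Adjacent Network": ("A", 0.646), "Remote": ("N", 1.0)}
AC = {"High": ("H", 0.35), "Medium": ("M", 0.61), "Low": ("L", 0.71)}
AU = {"Multiple system": ("M", 0.45), "Single system": ("S", 0.56), "Not required": ("N", 0.704)}
CIA = {"None": ("N", 0.0), "Partial": ("P", 0.275), "Complete": ("C", 0.660)}

# Weight lookup by metric name and vector code, e.g. WEIGHT["Au"]["S"] == 0.56.
WEIGHT = {name: {code: w for code, w in table.values()}
          for name, table in (("AV", AV), ("AC", AC), ("Au", AU), ("C", CIA), ("I", CIA), ("A", CIA))}

# Sample rows copied from this listing in the site's three-line rendering.
# '???' is how the site prints the Authentication metric for these entries.
SAMPLE_ROWS = """\
451 CVE-2016-9314 200 +Info 2017-02-21 2017-07-25
4.0
None Remote Low ??? Partial None None
455 CVE-2016-9244 200 +Info 2017-02-09 2019-06-06
5.0
None Remote Low Not required Partial None None
474 CVE-2016-8980 611 DoS 2017-02-01 2017-02-13
7.5
None Remote Low ??? Partial None Complete
477 CVE-2016-8972 264 +Priv 2017-02-15 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
488 CVE-2016-8938 284 Exec Code 2017-02-01 2017-02-13
10.0
None Remote Low Not required Complete Complete Complete
"""

# row number, CVE, CWE, optional type tags, publish date, update date
HEADER = re.compile(r"^(\d+) (CVE-\d{4}-\d+) (\d+) ?(.*?) ?(\d{4}-\d\d-\d\d) (\d{4}-\d\d-\d\d)$")


def base_score(av, ac, au, c, i, a):
    """CVSS v2 base score from vector codes, rounded half-up to one decimal as the spec does."""
    impact = 10.41 * (1 - (1 - WEIGHT["C"][c]) * (1 - WEIGHT["I"][i]) * (1 - WEIGHT["A"][a]))
    exploitability = 20 * WEIGHT["AV"][av] * WEIGHT["AC"][ac] * WEIGHT["Au"][au]
    f_impact = 0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return float(Decimal(repr(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def vector(av, ac, au, c, i, a):
    return f"AV:{av}/AC:{ac}/Au:{au}/C:{c}/I:{i}/A:{a}"


def parse_metrics(line):
    """Split 'Gained AV AC Au C I A'; Au may be several words or '???'."""
    tokens = line.split()
    gained, rest = tokens[0], tokens[1:]
    if rest[0] == "Adjacent":            # the only two-word access vector
        av_word, rest = "Adjacent Network", rest[2:]
    else:
        av_word, rest = rest[0], rest[1:]
    ac_word = rest[0]
    c_word, i_word, a_word = rest[-3:]
    au_word = " ".join(rest[1:-3])       # whatever sits between AC and the three impacts
    return gained, av_word, ac_word, au_word, c_word, i_word, a_word


def parse_rows(text):
    """Group the listing into rows of (header, score, metrics) and decode each one."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    rows = []
    for header, score, metrics in zip(lines[0::3], lines[1::3], lines[2::3]):
        m = HEADER.match(header)
        if m is None:
            raise ValueError(f"unrecognised row header: {header!r}")
        num, cve, cwe, types, published, updated = m.groups()
        _gained, av, ac, au, c, i, a = parse_metrics(metrics)
        rows.append({"num": int(num), "cve": cve, "cwe": int(cwe), "types": types.strip(),
                     "published": published, "updated": updated, "listed": float(score),
                     "av": AV[av][0], "ac": AC[ac][0], "au_word": au,
                     "c": CIA[c][0], "i": CIA[i][0], "a": CIA[a][0]})
    return rows


def resolve_auth(row):
    """Au codes that reproduce the listed score: a printed value is checked as-is,
    '???' is tried against all three. An empty list means the score does not
    follow from the metrics and the row deserves a second look."""
    candidates = [AU[row["au_word"]][0]] if row["au_word"] in AU else ["N", "S", "M"]
    return [au for au in candidates
            if base_score(row["av"], row["ac"], au, row["c"], row["i"], row["a"]) == row["listed"]]


def vectors_for(text):
    """CVE id -> reconstructed CVSS v2 vector, or None when Au cannot be pinned down."""
    result = {}
    for row in parse_rows(text):
        matches = resolve_auth(row)
        result[row["cve"]] = (vector(row["av"], row["ac"], matches[0], row["c"], row["i"], row["a"])
                              if len(matches) == 1 else None)
    return result


if __name__ == "__main__":
    for cve, vec in vectors_for(SAMPLE_ROWS).items():
        print(cve, vec)
```

Run stand-alone, the block prints one reconstructed vector per sample CVE. The same check is worth running over any third-party feed before its scores drive ticket priority: a row whose listed score does not follow from its own metrics comes back from resolve_auth as an empty list rather than silently getting a vector.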
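CVE-2016-8980 and CVE-2016-8974 above are the classic DoS outcome of an XML parser that honours a document type definition supplied by an untrusted client: entity declarations that expand into each other exhaust memory, and external entities pull in local files. The block below is an added example (editor's code, not IBM's, and not taken from either advisory) showing the default xml.etree behaviour beside a parser that refuses any DTD construct before anything is expanded. The sample documents ENTITY_DOC and PLAIN_DOC are constructed for the example; naive_parse, safe_parse, DTDRejected and accepts are the example's own names.

```python
import xml.etree.ElementTree as ET
from xml.etree.ElementTree import TreeBuilder
from xml.parsers import expat

# Constructed sample documents (not taken from any product or advisory).
# ENTITY_DOC declares one small internal entity. The memory-exhaustion variant
# the listing describes uses the same mechanism with entities that reference
# each other, so a parser that accepts this document accepts those too.
ENTITY_DOC = b'<?xml version="1.0"?><!DOCTYPE d [<!ENTITY e "expanded">]><d>&e;</d>'
PLAIN_DOC = b'<?xml version="1.0"?><d><item id="1">ok</item></d>'


class DTDRejected(ValueError):
    """Raised when untrusted XML carries a DTD, an entity declaration or an external entity."""


def naive_parse(data: bytes) -> ET.Element:
    """Default ElementTree behaviour: the DTD is honoured and entities are expanded."""
    return ET.fromstring(data)


def safe_parse(data: bytes) -> ET.Element:
    """Build an Element tree with expat, aborting at the first DTD construct.

    The doctype handler fires before any entity is declared or expanded, so the
    parser stops before it can allocate anything on the attacker's behalf.
    """
    builder = TreeBuilder()
    parser = expat.ParserCreate()
    parser.buffer_text = True            # deliver contiguous text as one call

    def reject(*_args):
        # Raising inside an expat handler propagates out of Parse() below.
        raise DTDRejected("DTD, entity declaration or external entity reference in untrusted XML")

    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = reject
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def accepts(data: bytes) -> bool:
    """True if safe_parse() accepts the document, False if it rejects it as DTD-bearing."""
    try:
        safe_parse(data)
    except DTDRejected:
        return False
    return True


if __name__ == "__main__":
    print("naive:", naive_parse(ENTITY_DOC).text)       # the entity is expanded
    print("safe accepts plain:", accepts(PLAIN_DOC))
    print("safe accepts entity:", accepts(ENTITY_DOC))
```

Rejecting the DTD outright is stricter than the XML specification requires, but it is the right default for documents that arrive over a network socket, and it is cheaper than trying to bound expansion after the fact. The same two switches (no DTD processing, no external entities) exist in most parser stacks; on a Java or .NET service the equivalent is to disallow the doctype declaration on the parser factory before any document is read.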
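CVE-2016-8933 above is the plain "/../" case: a URL path parameter is joined onto a base directory and the server returns whatever the joined path points at. As an added example (editor's code, not IBM's and not taken from the advisory), the block below puts the flawed join beside a guard that decodes, normalises and only then checks containment against the base directory. The base directory /srv/lms/files and the names naive_join, safe_join, TraversalRejected and is_allowed are the example's own.

```python
import posixpath
from urllib.parse import unquote


class TraversalRejected(ValueError):
    """Raised when a user-supplied path would resolve outside the served directory."""


def naive_join(base_dir: str, user_path: str) -> str:
    """The flawed pattern: decode once and join, trusting that '..' cannot escape base_dir."""
    return posixpath.normpath(posixpath.join(base_dir, unquote(user_path)))


def safe_join(base_dir: str, user_path: str) -> str:
    """Map an untrusted, possibly percent-encoded relative path onto base_dir.

    Returns the normalised absolute path, or raises TraversalRejected.
    """
    # Decode twice so a double-encoded %252e%252e does not survive the first pass.
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded:
        raise TraversalRejected("NUL byte in path")
    # Treat backslashes as separators: a Windows-hosted app would, and an
    # attacker who cannot use '/' will try '\'.
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/"):
        raise TraversalRejected("absolute path")
    relative = posixpath.normpath(decoded)
    if relative == ".":
        raise TraversalRejected("no file named")
    base = posixpath.normpath(base_dir)
    full = posixpath.normpath(posixpath.join(base, relative))
    # Containment is checked on the normalised result, not on the raw input:
    # 'reports/../q1.pdf' is served, 'reports/../../etc/passwd' is not.
    if not full.startswith(base + "/"):
        raise TraversalRejected("path escapes base directory")
    return full


def is_allowed(base_dir: str, user_path: str) -> bool:
    """Convenience wrapper for the guard: True if safe_join() would serve the path."""
    try:
        safe_join(base_dir, user_path)
    except TraversalRejected:
        return False
    return True


if __name__ == "__main__":
    base = "/srv/lms/files"
    for req in ("reports/q1.pdf", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r:35} naive -> {naive_join(base, req):28} allowed={is_allowed(base, req)}")
```

Percent-encoded and double-encoded dots get no special handling because they are decoded before normalisation, so the check sees the same string the filesystem would. On a live filesystem add one more step after this guard: resolve the final path with os.path.realpath and test containment again, since a symlink inside the served tree can still point outside it.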
Total number of vulnerabilities: 1041 (this is page 10 of 21)