| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
701 |
CVE-2016-6874 |
|
|
|
2017-02-17 |
2017-02-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. |
|
702 |
CVE-2016-6873 |
|
|
|
2017-02-17 |
2017-02-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. |
|
703 |
CVE-2016-6872 |
190 |
|
Overflow |
2017-02-17 |
2017-02-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. |
|
704 |
CVE-2016-6871 |
190 |
|
Overflow |
2017-02-17 |
2017-02-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. |
|
705 |
CVE-2016-6870 |
787 |
|
|
2017-02-17 |
2017-02-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. |
|
706 |
CVE-2016-6866 |
476 |
|
Bypass |
2017-02-15 |
2017-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. |
|
707 |
CVE-2016-6832 |
119 |
|
DoS Overflow |
2017-02-15 |
2017-02-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. |
|
708 |
CVE-2016-6667 |
|
|
Exec Code |
2017-02-07 |
2017-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. |
|
709 |
CVE-2016-6649 |
77 |
|
Bypass |
2017-02-03 |
2017-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. |
|
710 |
CVE-2016-6648 |
275 |
|
|
2017-02-03 |
2017-03-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. |
|
711 |
CVE-2016-6500 |
20 |
|
Exec Code |
2017-02-03 |
2017-03-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning. |
|
712 |
CVE-2016-6495 |
200 |
|
+Info |
2017-02-07 |
2017-02-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. |
|
713 |
CVE-2016-6252 |
190 |
|
Overflow +Priv |
2017-02-17 |
2017-11-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. |
|
714 |
CVE-2016-6249 |
200 |
|
+Info |
2017-02-20 |
2017-07-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. |
|
715 |
CVE-2016-6238 |
125 |
|
DoS |
2017-02-02 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file. |
|
716 |
CVE-2016-6237 |
787 |
|
DoS |
2017-02-02 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. |
|
717 |
CVE-2016-6236 |
125 |
|
DoS |
2017-02-02 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. |
|
718 |
CVE-2016-6235 |
399 |
|
DoS |
2017-02-02 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. |
|
719 |
CVE-2016-6234 |
20 |
|
DoS |
2017-02-02 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. |
|
720 |
CVE-2016-6233 |
89 |
|
Sql |
2017-02-17 |
2018-10-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. |
|
721 |
CVE-2016-6210 |
200 |
|
+Info |
2017-02-13 |
2019-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. |
|
722 |
CVE-2016-6199 |
502 |
|
Exec Code |
2017-02-07 |
2017-02-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. |
|
723 |
CVE-2016-6191 |
79 |
|
XSS |
2017-02-17 |
2019-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. |
|
724 |
CVE-2016-6190 |
200 |
|
+Info |
2017-02-17 |
2017-02-22 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. |
|
725 |
CVE-2016-6189 |
184 |
|
+Info |
2017-02-17 |
2019-11-07 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. |
|
726 |
CVE-2016-6188 |
399 |
|
DoS |
2017-02-03 |
2019-11-07 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. |
|
727 |
CVE-2016-6175 |
94 |
|
Exec Code |
2017-02-07 |
2017-09-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. |
|
728 |
CVE-2016-6173 |
399 |
|
DoS |
2017-02-09 |
2017-02-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. |
|
729 |
CVE-2016-6171 |
400 |
|
DoS |
2017-02-09 |
2020-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. |
|
730 |
CVE-2016-6163 |
125 |
|
DoS |
2017-02-03 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. |
|
731 |
CVE-2016-6131 |
20 |
|
DoS Overflow |
2017-02-07 |
2017-02-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. |
|
732 |
CVE-2016-6129 |
20 |
|
|
2017-02-13 |
2017-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack. |
|
733 |
CVE-2016-6126 |
22 |
|
Dir. Trav. |
2017-02-01 |
2017-02-07 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. |
|
734 |
CVE-2016-6125 |
79 |
|
XSS |
2017-02-01 |
2017-02-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
|
735 |
CVE-2016-6124 |
434 |
|
Exec Code |
2017-02-01 |
2017-02-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. |
|
736 |
CVE-2016-6123 |
79 |
|
XSS |
2017-02-01 |
2017-02-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
|
737 |
CVE-2016-6122 |
200 |
|
+Info |
2017-02-01 |
2017-02-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users. |
|
738 |
CVE-2016-6117 |
200 |
|
+Info |
2017-02-01 |
2017-02-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. |
|
739 |
CVE-2016-6116 |
200 |
|
+Info |
2017-02-02 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. |
|
740 |
CVE-2016-6115 |
119 |
|
Exec Code Overflow |
2017-02-01 |
2017-02-15 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash. |
|
741 |
CVE-2016-6113 |
79 |
|
XSS |
2017-02-01 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
|
742 |
CVE-2016-6110 |
255 |
|
|
2017-02-01 |
2017-05-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. |
|
743 |
CVE-2016-6105 |
284 |
|
|
2017-02-01 |
2017-02-11 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. |
|
744 |
CVE-2016-6104 |
434 |
|
Exec Code |
2017-02-07 |
2017-02-13 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. |
|
745 |
CVE-2016-6103 |
352 |
|
CSRF |
2017-02-02 |
2017-02-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. |
|
746 |
CVE-2016-6099 |
200 |
|
+Info |
2017-02-02 |
2017-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. |
|
747 |
CVE-2016-6097 |
200 |
|
+Info |
2017-02-07 |
2017-02-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. |
|
748 |
CVE-2016-6096 |
79 |
|
XSS |
2017-02-07 |
2017-02-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
|
749 |
CVE-2016-6095 |
284 |
|
|
2017-02-02 |
2017-02-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. |
|
750 |
CVE-2016-6094 |
200 |
|
+Info |
2017-02-07 |
2017-02-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. |
