CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2017

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
951 CVE-2016-3016 345 2017-02-01 2020-10-27
3.5
None Remote Medium ??? None Partial None
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.
952 CVE-2016-3013 19 2017-02-22 2017-03-02
4.0
None Remote Low ??? None None Partial
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
953 CVE-2016-2992 79 XSS 2017-02-01 2017-02-15
3.5
None Remote Medium ??? None Partial None
IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
954 CVE-2016-2987 200 +Info 2017-02-01 2017-02-07
4.0
None Remote Low ??? Partial None None
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.
955 CVE-2016-2942 284 2017-02-01 2017-02-13
6.0
None Remote Medium ??? Partial Partial Partial
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.
956 CVE-2016-2941 200 Exec Code +Info 2017-02-01 2017-02-10
2.1
None Local Low Not required Partial None None
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
957 CVE-2016-2939 79 XSS 2017-02-01 2017-07-28
4.3
None Remote Medium Not required None Partial None
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
958 CVE-2016-2938 79 XSS 2017-02-01 2017-07-28
4.3
None Remote Medium Not required None Partial None
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
959 CVE-2016-2924 79 XSS 2017-02-01 2017-02-15
3.5
None Remote Medium ??? None Partial None
IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
960 CVE-2016-2908 611 DoS +Info 2017-02-01 2020-10-27
6.4
None Remote Low Not required Partial None Partial
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
961 CVE-2016-2866 200 +Info 2017-02-08 2017-02-13
4.0
None Remote Low ??? Partial None None
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
962 CVE-2016-2788 284 Exec Code 2017-02-13 2022-01-24
7.5
None Remote Low Not required Partial Partial Partial
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
963 CVE-2016-2787 284 2017-02-13 2019-07-10
5.0
None Remote Low Not required None None Partial
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
964 CVE-2016-2781 20 2017-02-07 2021-02-25
2.1
None Local Low Not required None Partial None
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
965 CVE-2016-2779 264 2017-02-07 2019-01-04
7.2
None Local Low Not required Complete Complete Complete
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
966 CVE-2016-2568 116 2017-02-13 2022-04-18
4.4
None Local Medium Not required Partial Partial Partial
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
967 CVE-2016-2539 352 Exec Code CSRF 2017-02-07 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
968 CVE-2016-2403 287 Bypass 2017-02-07 2018-08-06
7.5
None Remote Low Not required Partial Partial Partial
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
969 CVE-2016-2318 476 DoS 2017-02-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
970 CVE-2016-2317 119 DoS Overflow 2017-02-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
971 CVE-2016-2274 79 XSS 2017-02-13 2017-02-17
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting.
972 CVE-2016-2226 119 Exec Code Overflow 2017-02-24 2017-08-12
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
973 CVE-2016-2148 119 Overflow 2017-02-09 2021-02-22
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
974 CVE-2016-2147 190 DoS Overflow 2017-02-09 2021-02-18
5.0
None Remote Low Not required None None Partial
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
975 CVE-2016-1894 284 Bypass 2017-02-07 2017-11-16
9.3
None Remote Medium Not required Complete Complete Complete
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
976 CVE-2016-1889 190 Overflow +Priv 2017-02-15 2017-02-16
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.
977 CVE-2016-1888 287 Bypass 2017-02-15 2017-02-17
5.0
None Remote Low Not required None Partial None
The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."
978 CVE-2016-1883 264 +Priv 2017-02-15 2017-02-17
7.2
None Local Low Not required Complete Complete Complete
The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.
979 CVE-2016-1881 264 DoS +Priv 2017-02-15 2018-01-30
7.2
None Local Low Not required Complete Complete Complete
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.
980 CVE-2016-1880 264 +Priv 2017-02-15 2017-02-17
7.2
None Local Low Not required Complete Complete Complete
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."
981 CVE-2016-1566 79 XSS 2017-02-02 2017-02-05
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.
982 CVE-2016-1504 119 DoS Overflow 2017-02-07 2017-09-10
5.0
None Remote Low Not required None None Partial
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.
983 CVE-2016-1502 287 Bypass 2017-02-07 2017-02-24
7.5
None Remote Low Not required Partial Partial Partial
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
984 CVE-2016-1249 125 DoS 2017-02-17 2021-08-09
4.3
None Remote Medium Not required None None Partial
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.
985 CVE-2016-1245 119 Overflow 2017-02-22 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
986 CVE-2016-0919 79 XSS 2017-02-03 2021-08-12
4.3
None Remote Medium Not required None Partial None
EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
987 CVE-2016-0890 200 +Info 2017-02-03 2017-03-02
6.0
None Remote Medium ??? Partial Partial Partial
EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system.
988 CVE-2016-0396 77 Exec Code 2017-02-01 2017-02-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
989 CVE-2016-0394 275 2017-02-01 2017-02-07
2.1
None Local Low Not required None Partial None
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
990 CVE-2016-0371 200 +Info 2017-02-01 2017-02-15
1.9
None Local Medium Not required Partial None None
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
991 CVE-2016-0360 502 Exec Code 2017-02-15 2017-07-27
7.5
None Remote Low Not required Partial Partial Partial
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.
992 CVE-2016-0320 284 2017-02-01 2017-02-13
4.0
None Remote Low ??? None Partial None
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.
993 CVE-2016-0310 79 XSS 2017-02-08 2017-02-10
3.5
None Remote Medium ??? None Partial None
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
994 CVE-2016-0308 284 2017-02-08 2017-02-10
4.0
None Remote Low ??? None Partial None
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
995 CVE-2016-0307 200 +Info 2017-02-08 2017-02-10
4.0
None Remote Low ??? Partial None None
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
996 CVE-2016-0305 79 XSS 2017-02-08 2017-02-10
3.5
None Remote Medium ??? None Partial None
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
997 CVE-2016-0297 200 +Info 2017-02-01 2017-02-05
4.3
None Remote Medium Not required Partial None None
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
998 CVE-2016-0296 532 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
999 CVE-2016-0270 200 +Info 2017-02-08 2017-11-15
4.3
None Remote Medium Not required Partial None None
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
1000 CVE-2016-0265 79 XSS 2017-02-01 2017-02-05
3.5
None Remote Medium ??? None Partial None
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Total number of vulnerabilities: 1041 (page 20 of 21)