CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.

CVE-2017-2766 | February 03, 2017
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 include an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9873 | February 03, 2017
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 have a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9872 | February 03, 2017
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 have Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9871 | February 03, 2017
EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x are affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9642 | February 03, 2017
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted JavaScript file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9108 | February 03, 2017
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9085 | February 03, 2017
Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9082 | February 03, 2017
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8569 | February 03, 2017
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8568 | February 03, 2017
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8217 | February 03, 2017
EMC RSA BSAFE Crypto-J versions prior to 6.2.2 have a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8216 | February 03, 2017
EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 have a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8212 | February 03, 2017
An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8211 | February 03, 2017
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 have a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6649 | February 03, 2017
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6648 | February 03, 2017
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by a sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6500 | February 03, 2017
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6188 | February 03, 2017
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6163 | February 03, 2017
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-5241 | February 03, 2017
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-5115 | February 03, 2017
The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-4797 | February 03, 2017
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-4796 | February 03, 2017
Heap-based buffer overflow in the color_cmyk_to_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-4571 | February 03, 2017
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via a crafted XML file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-4570 | February 03, 2017
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via a crafted XML file.
Severity: | Impact score: 0.00 | Exploit score: 0.00
