CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.

CVE-2017-3791 | February 01, 2017
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837.
Severity: High | Impact score: 10.00 | Exploit score: 10.00
Vendors affected: Cisco

CVE-2017-3790 | February 01, 2017
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9963 | February 01, 2017
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9739 | February 01, 2017
IBM Security Identity Manager Virtual Appliance stores user credentials in clear text, which can be read by a local user.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9731 | February 01, 2017
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9704 | February 01, 2017
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9703 | February 01, 2017
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens, which could allow an unauthorized user with physical access to the workstation to obtain sensitive information.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9225 | February 01, 2017
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9008 | February 01, 2017
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-9000 | February 01, 2017
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8999 | February 01, 2017
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8982 | February 01, 2017
IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8981 | February 01, 2017
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8980 | February 01, 2017
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8977 | February 01, 2017
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8967 | February 01, 2017
IBM BigFix Inventory v9 9.2 stores user credentials in clear text, which can be read by a local user.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8966 | February 01, 2017
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8963 | February 01, 2017
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8961 | February 01, 2017
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8943 | February 01, 2017
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8942 | February 01, 2017
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8941 | February 01, 2017
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8938 | February 01, 2017
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8936 | February 01, 2017
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8934 | February 01, 2017
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: | Impact score: 0.00 | Exploit score: 0.00
