The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2016-1502 | NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | HIGH | Feb 7, 2017 | n/a |
CVE-2016-1504 | dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-1894 | NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | HIGH | Feb 7, 2017 | n/a |
CVE-2016-2317 | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-2318 | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-2403 | Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. | HIGH | Feb 7, 2017 | n/a |
CVE-2016-2539 | Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-2779 | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | HIGH | Feb 7, 2017 | n/a |
CVE-2016-2781 | chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | LOW | Feb 7, 2017 | n/a |
CVE-2016-2908 | IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-2987 | An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3016 | IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. | LOW | Feb 7, 2017 | n/a |
CVE-2016-3017 | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3020 | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3021 | IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3022 | IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3023 | IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3024 | IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. | LOW | Feb 7, 2017 | n/a |
CVE-2016-3027 | IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3029 | IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3053 | IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | HIGH | Feb 7, 2017 | n/a |
CVE-2016-3063 | Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3124 | The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3176 | Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3180 | Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3183 | The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-3996 | ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-4341 | NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-4352 | Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-4570 | The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | HIGH | Feb 7, 2017 | n/a |
CVE-2016-4571 | The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | HIGH | Feb 7, 2017 | n/a |
CVE-2016-4796 | Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-4797 | Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5102 | Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5115 | The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5241 | magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5372 | Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5711 | NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5897 | IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | LOW | Feb 7, 2017 | n/a |
CVE-2016-5898 | IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5899 | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | LOW | Feb 7, 2017 | n/a |
CVE-2016-5958 | IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5966 | IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5988 | IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-5990 | IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-6028 | IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. | MEDIUM | Feb 7, 2017 | n/a |
CVE-2016-6030 | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | LOW | Feb 7, 2017 | n/a |
CVE-2016-6039 | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | LOW | Feb 7, 2017 | n/a |
CVE-2016-6047 | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | LOW | Feb 7, 2017 | n/a |
CVE-2016-6054 | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | LOW | Feb 7, 2017 | n/a |