| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1001 | CVE-2016-9087 | 89 | | Exec Code Sql | 2017-03-07 | 2017-04-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. |
| 1002 | CVE-2016-9020 | 89 | | Exec Code Sql | 2017-03-07 | 2017-04-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. |
| 1003 | CVE-2016-9019 | 89 | | Exec Code Sql | 2017-03-07 | 2017-04-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. |
| 1004 | CVE-2016-9011 | 119 | | DoS Overflow | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure. |
| 1005 | CVE-2016-9006 | 79 | | XSS | 2017-03-08 | 2017-03-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264. |
| 1006 | CVE-2016-8973 | 434 | | | 2017-03-20 | 2017-03-23 | 4.0 | None | Remote | Low | ??? | None | Partial | None | IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. |
| 1007 | CVE-2016-8971 | 119 | | Overflow | 2017-03-07 | 2017-03-09 | 6.8 | None | Remote | Low | ??? | None | None | Complete | IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663. |
| 1008 | CVE-2016-8960 | 264 | | | 2017-03-27 | 2017-03-29 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718. |
| 1009 | CVE-2016-8940 | 200 | | +Info | 2017-03-07 | 2017-03-14 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946. |
| 1010 | CVE-2016-8935 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483. |
| 1011 | CVE-2016-8917 | 352 | | CSRF | 2017-03-31 | 2017-04-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. |
| 1012 | CVE-2016-8887 | 476 | | DoS | 2017-03-23 | 2018-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). |
| 1013 | CVE-2016-8886 | 119 | | Overflow | 2017-03-23 | 2017-03-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. |
| 1014 | CVE-2016-8885 | 476 | | DoS | 2017-03-23 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. |
| 1015 | CVE-2016-8884 | 476 | | DoS | 2017-03-28 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. |
| 1016 | CVE-2016-8863 | 119 | | DoS Exec Code Overflow | 2017-03-07 | 2017-11-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request. |
| 1017 | CVE-2016-8855 | 79 | | XSS | 2017-03-19 | 2017-03-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2. |
| 1018 | CVE-2016-8749 | 502 | | Exec Code | 2017-03-28 | 2019-05-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. |
| 1019 | CVE-2016-8747 | 200 | | +Info | 2017-03-14 | 2019-04-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request. |
| 1020 | CVE-2016-8714 | 119 | | Overflow Mem. Corr. | 2017-03-10 | 2022-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. |
| 1021 | CVE-2016-8508 | 254 | | | 2017-03-01 | 2020-07-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. |
| 1022 | CVE-2016-8507 | 200 | | +Info | 2017-03-01 | 2020-07-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site. |
| 1023 | CVE-2016-8483 | 200 | | +Info | 2017-03-08 | 2017-07-17 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099. |
| 1024 | CVE-2016-8479 | 264 | | Exec Code | 2017-03-08 | 2017-07-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687. |
| 1025 | CVE-2016-8478 | 200 | | +Info | 2017-03-08 | 2017-07-17 | 2.6 | None | Remote | High | Not required | Partial | None | None | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206. |
| 1026 | CVE-2016-8477 | 200 | | +Info | 2017-03-08 | 2017-07-17 | 2.6 | None | Remote | High | Not required | Partial | None | None | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007. |
| 1027 | CVE-2016-8417 | 264 | | Exec Code | 2017-03-08 | 2017-07-17 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824. |
| 1028 | CVE-2016-8416 | 200 | | +Info | 2017-03-08 | 2017-07-17 | 2.6 | None | Remote | High | Not required | Partial | None | None | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206. |
| 1029 | CVE-2016-8413 | 200 | | +Info | 2017-03-08 | 2017-07-17 | 2.6 | None | Remote | High | Not required | Partial | None | None | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731. |
| 1030 | CVE-2016-8236 | 284 | | | 2017-03-03 | 2017-03-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. |
| 1031 | CVE-2016-8233 | 532 | | | 2017-03-01 | 2017-03-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. |
| 1032 | CVE-2016-8232 | 79 | | XSS | 2017-03-01 | 2017-03-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. |
| 1033 | CVE-2016-8032 | 284 | | Bypass | 2017-03-31 | 2017-07-12 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. |
| 1034 | CVE-2016-8031 | 264 | | Bypass | 2017-03-28 | 2021-05-21 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. |
| 1035 | CVE-2016-8027 | 89 | | Sql | 2017-03-14 | 2019-03-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. |
| 1036 | CVE-2016-8026 | 264 | | Exec Code +Priv | 2017-03-14 | 2017-05-02 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. |
| 1037 | CVE-2016-8025 | 89 | | Sql +Info | 2017-03-14 | 2017-09-03 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. |
| 1038 | CVE-2016-8024 | 113 | | +Info | 2017-03-14 | 2017-09-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing. |
| 1039 | CVE-2016-8023 | 287 | | Bypass | 2017-03-14 | 2017-09-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. |
| 1040 | CVE-2016-8022 | 287 | | DoS Exec Code Bypass | 2017-03-14 | 2017-09-03 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. |
| 1041 | CVE-2016-8021 | 347 | | Exec Code | 2017-03-14 | 2017-09-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. |
| 1042 | CVE-2016-8020 | 94 | | Exec Code | 2017-03-14 | 2017-09-03 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. |
| 1043 | CVE-2016-8019 | 79 | | XSS | 2017-03-14 | 2017-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. |
| 1044 | CVE-2016-8018 | 352 | | Exec Code CSRF | 2017-03-14 | 2017-09-03 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. |
| 1045 | CVE-2016-8017 | 20 | | | 2017-03-14 | 2017-09-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. |
| 1046 | CVE-2016-8016 | 200 | | +Info | 2017-03-14 | 2017-09-03 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. |
| 1047 | CVE-2016-8012 | 264 | | | 2017-03-14 | 2019-03-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. |
| 1048 | CVE-2016-8011 | 79 | | XSS | 2017-03-14 | 2017-03-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site. |
| 1049 | CVE-2016-8010 | 284 | | Bypass | 2017-03-14 | 2017-03-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. |
| 1050 | CVE-2016-8009 | 264 | | Exec Code | 2017-03-14 | 2017-03-27 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call. |