CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2017

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1001 CVE-2016-9087 89 Exec Code Sql 2017-03-07 2017-04-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
1002 CVE-2016-9020 89 Exec Code Sql 2017-03-07 2017-04-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
1003 CVE-2016-9019 89 Exec Code Sql 2017-03-07 2017-04-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
1004 CVE-2016-9011 119 DoS Overflow 2017-03-23 2017-03-27
4.3
None Remote Medium Not required None None Partial
The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.
1005 CVE-2016-9006 79 XSS 2017-03-08 2017-03-14
3.5
None Remote Medium ??? None Partial None
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264.
1006 CVE-2016-8973 434 2017-03-20 2017-03-23
4.0
None Remote Low ??? None Partial None
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.
1007 CVE-2016-8971 119 Overflow 2017-03-07 2017-03-09
6.8
None Remote Low ??? None None Complete
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
1008 CVE-2016-8960 264 2017-03-27 2017-03-29
6.5
None Remote Low ??? Partial Partial Partial
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.
1009 CVE-2016-8940 200 +Info 2017-03-07 2017-03-14
4.0
None Remote Low ??? Partial None None
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
1010 CVE-2016-8935 79 XSS 2017-03-31 2017-04-04
3.5
None Remote Medium ??? None Partial None
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.
1011 CVE-2016-8917 352 CSRF 2017-03-31 2017-04-04
6.8
None Remote Medium Not required Partial Partial Partial
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.
1012 CVE-2016-8887 476 DoS 2017-03-23 2018-06-29
4.3
None Remote Medium Not required None None Partial
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
1013 CVE-2016-8886 119 Overflow 2017-03-23 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
1014 CVE-2016-8885 476 DoS 2017-03-23 2018-01-05
4.3
None Remote Medium Not required None None Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
1015 CVE-2016-8884 476 DoS 2017-03-28 2018-01-05
4.3
None Remote Medium Not required None None Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
1016 CVE-2016-8863 119 DoS Exec Code Overflow 2017-03-07 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of a SUBSCRIBE request.
1017 CVE-2016-8855 79 XSS 2017-03-19 2017-03-21
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
1018 CVE-2016-8749 502 Exec Code 2017-03-28 2019-05-24
7.5
None Remote Low Not required Partial Partial Partial
Apache Camel's Jackson and JacksonXML unmarshalling operations are vulnerable to Remote Code Execution attacks.
1019 CVE-2016-8747 200 +Info 2017-03-14 2019-04-15
5.0
None Remote Low Not required Partial None None
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.
1020 CVE-2016-8714 119 Overflow Mem. Corr. 2017-03-10 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
1021 CVE-2016-8508 254 2017-03-01 2020-07-10
4.3
None Remote Medium Not required None Partial None
Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings on web sites with a special content-type, which a remote attacker could use to prevent the Protect warning from appearing on their own malicious web site.
1022 CVE-2016-8507 200 +Info 2017-03-01 2020-07-09
4.3
None Remote Medium Not required Partial None None
Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate a FaceTime call without the user's approval and obtain video and audio data from a device via a crafted web site.
1023 CVE-2016-8483 200 +Info 2017-03-08 2017-07-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099.
1024 CVE-2016-8479 264 Exec Code 2017-03-08 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687.
1025 CVE-2016-8478 200 +Info 2017-03-08 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206.
1026 CVE-2016-8477 200 +Info 2017-03-08 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007.
1027 CVE-2016-8417 264 Exec Code 2017-03-08 2017-07-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824.
1028 CVE-2016-8416 200 +Info 2017-03-08 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206.
1029 CVE-2016-8413 200 +Info 2017-03-08 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731.
1030 CVE-2016-8236 284 2017-03-03 2017-03-09
5.0
None Remote Low Not required None Partial None
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.
1031 CVE-2016-8233 532 2017-03-01 2017-03-03
5.0
None Remote Low Not required Partial None None
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
1032 CVE-2016-8232 79 XSS 2017-03-01 2017-03-15
4.3
None Remote Medium Not required None Partial None
Document Object Model (DOM)-based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
1033 CVE-2016-8032 284 Bypass 2017-03-31 2017-07-12
4.4
None Local Medium Not required Partial Partial Partial
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.
1034 CVE-2016-8031 264 Bypass 2017-03-28 2021-05-21
4.4
None Local Medium Not required Partial Partial Partial
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.
1035 CVE-2016-8027 89 Sql 2017-03-14 2019-03-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
1036 CVE-2016-8026 264 Exec Code +Priv 2017-03-14 2017-05-02
4.6
None Local Low Not required Partial Partial Partial
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.
1037 CVE-2016-8025 89 Sql +Info 2017-03-14 2017-09-03
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
1038 CVE-2016-8024 113 +Info 2017-03-14 2017-09-03
6.8
None Remote Medium Not required Partial Partial Partial
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows a remote unauthenticated attacker to obtain sensitive information via server HTTP response spoofing.
1039 CVE-2016-8023 287 Bypass 2017-03-14 2017-09-03
6.8
None Remote Medium Not required Partial Partial Partial
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows a remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
1040 CVE-2016-8022 287 DoS Exec Code Bypass 2017-03-14 2017-09-03
5.1
None Remote High Not required Partial Partial Partial
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows a remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
1041 CVE-2016-8021 347 Exec Code 2017-03-14 2017-09-03
3.5
None Remote Medium ??? None Partial None
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof the update server and execute arbitrary code via a crafted input file.
1042 CVE-2016-8020 94 Exec Code 2017-03-14 2017-09-03
6.0
None Remote Medium ??? Partial Partial Partial
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
1043 CVE-2016-8019 79 XSS 2017-03-14 2017-09-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
1044 CVE-2016-8018 352 Exec Code CSRF 2017-03-14 2017-09-03
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
1045 CVE-2016-8017 20 2017-03-14 2017-09-03
4.0
None Remote Low ??? Partial None None
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.
1046 CVE-2016-8016 200 +Info 2017-03-14 2017-09-03
3.5
None Remote Medium ??? Partial None None
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to determine the existence of unauthorized files on the system via a URL parameter.
1047 CVE-2016-8012 264 2017-03-14 2019-03-07
4.6
None Local Low Not required Partial Partial Partial
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.
1048 CVE-2016-8011 79 XSS 2017-03-14 2017-03-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.
1049 CVE-2016-8010 284 Bypass 2017-03-14 2017-03-30
4.6
None Local Low Not required Partial Partial Partial
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.
1050 CVE-2016-8009 264 Exec Code 2017-03-14 2017-03-27
4.6
None Local Low Not required Partial Partial Partial
Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call.
Total number of vulnerabilities: 1305. Page 21 of 27.