| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1101 | CVE-2016-6243 | 20 | | DoS | 2017-03-07 | 2017-03-09 | 4.9 | None | Local | Low | Not required | None | None | Complete | thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the `__thrsleep` system call. |
| 1102 | CVE-2016-6242 | 189 | | DoS | 2017-03-07 | 2017-03-09 | 4.9 | None | Local | Low | Not required | None | None | Complete | OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call. |
| 1103 | CVE-2016-6241 | 190 | | Exec Code Overflow | 2017-03-07 | 2017-09-01 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. |
| 1104 | CVE-2016-6240 | 189 | | Exec Code | 2017-03-07 | 2017-09-01 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. |
| 1105 | CVE-2016-6239 | 20 | | DoS | 2017-03-07 | 2017-09-01 | 4.9 | None | Local | Low | Not required | None | None | Complete | The mmap extension `__MAP_NOFAULT` in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value. |
| 1106 | CVE-2016-6225 | 326 | | +Info | 2017-03-23 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. |
| 1107 | CVE-2016-6209 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Nagios. |
| 1108 | CVE-2016-6206 | 20 | | DoS Exec Code | 2017-03-24 | 2017-03-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. |
| 1109 | CVE-2016-6111 | 611 | | DoS | 2017-03-31 | 2017-04-04 | 8.5 | None | Remote | Low | Not required | Partial | None | Complete | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. |
| 1110 | CVE-2016-6102 | 200 | | +Info | 2017-03-27 | 2017-07-12 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359. |
| 1111 | CVE-2016-6056 | 79 | | XSS | 2017-03-27 | 2017-03-29 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442. |
| 1112 | CVE-2016-6036 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. |
| 1113 | CVE-2016-6031 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. |
| 1114 | CVE-2016-6022 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. |
| 1115 | CVE-2016-5933 | 254 | | Bypass | 2017-03-08 | 2017-03-09 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. |
| 1116 | CVE-2016-5932 | 79 | | XSS | 2017-03-01 | 2017-03-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294. |
| 1117 | CVE-2016-5894 | 200 | | +Info | 2017-03-08 | 2019-09-30 | 1.9 | None | Local | Medium | Not required | Partial | None | None | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408. |
| 1118 | CVE-2016-5857 | 264 | | Exec Code | 2017-03-20 | 2017-05-11 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140. |
| 1119 | CVE-2016-5758 | 352 | | CSRF | 2017-03-23 | 2019-04-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. |
| 1120 | CVE-2016-5757 | 200 | | +Info | 2017-03-23 | 2017-03-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. |
| 1121 | CVE-2016-5756 | 79 | | XSS | 2017-03-23 | 2017-03-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. |
| 1122 | CVE-2016-5755 | 20 | | | 2017-03-23 | 2017-03-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. |
| 1123 | CVE-2016-5754 | 200 | | +Info | 2017-03-23 | 2017-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. |
| 1124 | CVE-2016-5752 | 200 | | +Info | 2017-03-23 | 2017-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester. |
| 1125 | CVE-2016-5751 | 79 | | XSS | 2017-03-23 | 2017-03-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. |
| 1126 | CVE-2016-5750 | 284 | | Exec Code | 2017-03-23 | 2017-03-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. |
| 1127 | CVE-2016-5749 | 611 | | | 2017-03-23 | 2017-03-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. |
| 1128 | CVE-2016-5748 | 611 | | | 2017-03-23 | 2017-03-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. |
| 1129 | CVE-2016-5747 | 284 | | Bypass | 2017-03-23 | 2017-03-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. |
| 1130 | CVE-2016-5374 | 264 | | Bypass | 2017-03-01 | 2017-03-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. |
| 1131 | CVE-2016-5315 | 125 | | DoS | 2017-03-07 | 2017-03-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. |
| 1132 | CVE-2016-5239 | 284 | | Exec Code | 2017-03-15 | 2018-08-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. |
| 1133 | CVE-2016-4976 | 200 | | +Info | 2017-03-29 | 2017-04-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. |
| 1134 | CVE-2016-4950 | 200 | | +Info | 2017-03-07 | 2017-03-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to `/api/v11/users/sessions`. |
| 1135 | CVE-2016-4949 | 200 | | +Info | 2017-03-07 | 2017-03-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to `/cmf/process/<process_id>/logs`. |
| 1136 | CVE-2016-4948 | 79 | | XSS | 2017-03-07 | 2017-03-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. |
| 1137 | CVE-2016-4947 | 200 | | +Info | 2017-03-07 | 2017-03-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to `desktop/api/users/autocomplete`. |
| 1138 | CVE-2016-4946 | 79 | | XSS | 2017-03-07 | 2017-03-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page. |
| 1139 | CVE-2016-4931 | 611 | | DoS | 2017-03-20 | 2017-03-22 | 4.0 | None | Remote | Low | ??? | None | None | Partial | XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. |
| 1140 | CVE-2016-4930 | 79 | | XSS | 2017-03-20 | 2017-03-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. |
| 1141 | CVE-2016-4929 | 77 | | Exec Code | 2017-03-20 | 2017-03-22 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. |
| 1142 | CVE-2016-4928 | 352 | | CSRF | 2017-03-20 | 2017-03-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. |
| 1143 | CVE-2016-4927 | 20 | | | 2017-03-20 | 2017-03-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. |
| 1144 | CVE-2016-4926 | 287 | | | 2017-03-20 | 2017-03-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. |
| 1145 | CVE-2016-4912 | 476 | | DoS | 2017-03-27 | 2017-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The `_xrealloc` function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure. |
| 1146 | CVE-2016-4504 | 352 | | CSRF | 2017-03-21 | 2017-03-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. |
| 1147 | CVE-2016-3179 | 416 | | DoS | 2017-03-24 | 2021-04-19 | 2.1 | None | Local | Low | Not required | None | None | Partial | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. |
| 1148 | CVE-2016-3178 | 125 | | DoS | 2017-03-24 | 2021-04-23 | 2.1 | None | Local | Low | Not required | None | None | Partial | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. |
| 1149 | CVE-2016-3127 | 200 | | +Info | 2017-03-03 | 2017-03-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server. |
| 1150 | CVE-2016-2981 | 200 | | +Info | 2017-03-20 | 2017-03-23 | 2.1 | None | Local | Low | Not required | Partial | None | None | An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965. |