CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2016-6243 20 DoS 2017-03-07 2017-03-09
4.9
None Local Low Not required None None Complete
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
1102 CVE-2016-6242 189 DoS 2017-03-07 2017-03-09
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
1103 CVE-2016-6241 190 Exec Code Overflow 2017-03-07 2017-09-01
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
1104 CVE-2016-6240 189 Exec Code 2017-03-07 2017-09-01
7.2
None Local Low Not required Complete Complete Complete
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
1105 CVE-2016-6239 20 DoS 2017-03-07 2017-09-01
4.9
None Local Low Not required None None Complete
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.
1106 CVE-2016-6225 326 +Info 2017-03-23 2018-10-30
4.3
None Remote Medium Not required Partial None None
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
1107 CVE-2016-6209 79 XSS 2017-03-31 2017-04-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Nagios.
1108 CVE-2016-6206 20 DoS Exec Code 2017-03-24 2017-03-27
10.0
None Remote Low Not required Complete Complete Complete
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.
1109 CVE-2016-6111 611 DoS 2017-03-31 2017-04-04
8.5
None Remote Low Not required Partial None Complete
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.
1110 CVE-2016-6102 200 +Info 2017-03-27 2017-07-12
4.3
None Remote Medium Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.
1111 CVE-2016-6056 79 XSS 2017-03-27 2017-03-29
3.5
None Remote Medium ??? None Partial None
IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442.
1112 CVE-2016-6036 79 XSS 2017-03-31 2017-04-04
3.5
None Remote Medium ??? None Partial None
IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
1113 CVE-2016-6031 79 XSS 2017-03-31 2017-04-04
3.5
None Remote Medium ??? None Partial None
IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
1114 CVE-2016-6022 79 XSS 2017-03-31 2017-04-04
3.5
None Remote Medium ??? None Partial None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.
1115 CVE-2016-5933 254 Bypass 2017-03-08 2017-03-09
4.9
None Remote Medium ??? Partial Partial None
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.
1116 CVE-2016-5932 79 XSS 2017-03-01 2017-03-03
3.5
None Remote Medium ??? None Partial None
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.
1117 CVE-2016-5894 200 +Info 2017-03-08 2019-09-30
1.9
None Local Medium Not required Partial None None
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
1118 CVE-2016-5857 264 Exec Code 2017-03-20 2017-05-11
6.9
None Local Medium Not required Complete Complete Complete
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.
1119 CVE-2016-5758 352 CSRF 2017-03-23 2019-04-23
6.8
None Remote Medium Not required Partial Partial Partial
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.
1120 CVE-2016-5757 200 +Info 2017-03-23 2017-03-24
7.5
None Remote Low Not required Partial Partial Partial
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.
1121 CVE-2016-5756 79 XSS 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None Partial None
Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp.
1122 CVE-2016-5755 20 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None Partial None
NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.
1123 CVE-2016-5754 200 +Info 2017-03-23 2017-03-24
5.0
None Remote Low Not required Partial None None
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.
1124 CVE-2016-5752 200 +Info 2017-03-23 2017-03-24
5.0
None Remote Low Not required Partial None None
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.
1125 CVE-2016-5751 79 XSS 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None Partial None
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
1126 CVE-2016-5750 284 Exec Code 2017-03-23 2017-03-24
6.5
None Remote Low ??? Partial Partial Partial
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.
1127 CVE-2016-5749 611 2017-03-23 2017-03-24
2.1
None Local Low Not required Partial None None
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
1128 CVE-2016-5748 611 2017-03-23 2017-03-24
2.1
None Local Low Not required Partial None None
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.
1129 CVE-2016-5747 284 Bypass 2017-03-23 2017-03-27
5.0
None Remote Low Not required Partial None None
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.
1130 CVE-2016-5374 264 Bypass 2017-03-01 2017-03-14
6.5
None Remote Low ??? Partial Partial Partial
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
1131 CVE-2016-5315 125 DoS 2017-03-07 2017-03-08
4.3
None Remote Medium Not required None None Partial
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
1132 CVE-2016-5239 284 Exec Code 2017-03-15 2018-08-04
7.5
None Remote Low Not required Partial Partial Partial
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
1133 CVE-2016-4976 200 +Info 2017-03-29 2017-04-03
2.1
None Local Low Not required Partial None None
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.
1134 CVE-2016-4950 200 +Info 2017-03-07 2017-03-09
5.0
None Remote Low Not required Partial None None
Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions.
1135 CVE-2016-4949 200 +Info 2017-03-07 2017-03-09
5.0
None Remote Low Not required Partial None None
Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.
1136 CVE-2016-4948 79 XSS 2017-03-07 2017-03-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect.
1137 CVE-2016-4947 200 +Info 2017-03-07 2017-03-09
5.0
None Remote Low Not required Partial None None
Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.
1138 CVE-2016-4946 79 XSS 2017-03-07 2017-03-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.
1139 CVE-2016-4931 611 DoS 2017-03-20 2017-03-22
4.0
None Remote Low ??? None None Partial
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
1140 CVE-2016-4930 79 XSS 2017-03-20 2017-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.
1141 CVE-2016-4929 77 Exec Code 2017-03-20 2017-03-22
9.0
None Remote Low ??? Complete Complete Complete
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
1142 CVE-2016-4928 352 CSRF 2017-03-20 2017-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.
1143 CVE-2016-4927 20 2017-03-20 2017-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.
1144 CVE-2016-4926 287 2017-03-20 2017-03-22
7.5
None Remote Low Not required Partial Partial Partial
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
1145 CVE-2016-4912 476 DoS 2017-03-27 2017-07-11
5.0
None Remote Low Not required None None Partial
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
1146 CVE-2016-4504 352 CSRF 2017-03-21 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
1147 CVE-2016-3179 416 DoS 2017-03-24 2021-04-19
2.1
None Local Low Not required None None Partial
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.
1148 CVE-2016-3178 125 DoS 2017-03-24 2021-04-23
2.1
None Local Low Not required None None Partial
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.
1149 CVE-2016-3127 200 +Info 2017-03-03 2017-03-09
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.
1150 CVE-2016-2981 200 +Info 2017-03-20 2017-03-23
2.1
None Local Low Not required Partial None None
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
Total number of vulnerabilities : 1305   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 (This Page)24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.