246251
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memor…
|
CWE-399
Resource Management Errors
|
CVE-2016-10153
|
2017-02-9 23:57 |
2017-02-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246252
|
6.1 |
MEDIUM
Network
|
ibm
|
tririga_application_platform
|
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-6000
|
2017-02-9 04:04 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246253
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trust…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2016-5937
|
2017-02-9 04:03 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246254
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informati…
|
CWE-89
SQL Injection
|
CVE-2016-5952
|
2017-02-9 03:52 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246255
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-5951
|
2017-02-9 03:51 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246256
|
5.3 |
MEDIUM
Network
openafs
|
openafs
|
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC re…
|
CWE-200
Information Exposure
|
CVE-2016-9772
|
2017-02-9 03:46 |
2017-02-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246257
|
9.8 |
CRITICAL
Network
exponentcms
|
exponent_cms
|
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to…
|
CWE-89
SQL Injection
|
CVE-2017-5879
|
2017-02-9 03:44 |
2017-02-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246258
|
5.5 |
MEDIUM
Local
|
libtiff debian
|
libtiff debian_linux
|
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-9532
|
2017-02-9 03:43 |
2017-02-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246259
|
8.1 |
HIGH
Network
|
ibm
|
infosphere_datastage infosphere_information_server infosphere_information_server_on_cloud
|
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi…
|
CWE-611
Improper Restriction of XML External Entity Reference
|
CVE-2016-6059
|
2017-02-9 03:42 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246260
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local…
|
CWE-388
Error Handling
|
CVE-2017-5577
|
2017-02-9 03:32 |
2017-02-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246261
|
7.5 |
HIGH
Network
huawei
|
oceanstor_5800_v3
|
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.
|
CWE-399
Resource Management Errors
|
CVE-2016-5822
|
2017-02-9 03:23 |
2017-01-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246262
|
6.5 |
MEDIUM
Adjacent
|
ibm
|
bigfix_platform
|
IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.
|
CWE-284
Improper Access Control
|
CVE-2016-6085
|
2017-02-9 03:22 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246263
|
4.3 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
|
CWE-200
Information Exposure
|
CVE-2016-6122
|
2017-02-9 03:22 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246264
|
10.0 |
CRITICAL
Network
ibm
|
bigfix_platform
|
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary…
|
CWE-416
Use After Free
|
CVE-2016-6082
|
2017-02-9 03:20 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246265
|
5.5 |
MEDIUM
Local
|
onionshare
|
onionshare
|
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
|
CWE-284
Improper Access Control
|
CVE-2016-5026
|
2017-02-9 02:14 |
2017-01-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246266
|
5.0 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
|
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.
|
CWE-384
Session Fixation
|
CVE-2016-6040
|
2017-02-9 02:03 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246267
|
5.3 |
MEDIUM
Network
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
|
CWE-200
Information Exposure
|
CVE-2016-6099
|
2017-02-9 01:50 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246268
|
4.3 |
MEDIUM
|
ibm
|
websphere_mq
|
Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a craf…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-0176
|
2017-02-8 23:26 |
2015-04-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246269
|
6.1 |
MEDIUM
Network
|
sanadata
|
sanacms
|
Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2017-5882
|
2017-02-8 11:59 |
2017-02-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246270
|
7.6 |
HIGH
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
|
CWE-89
SQL Injection
|
CVE-2016-8928
|
2017-02-8 08:00 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246271
|
5.5 |
MEDIUM
Local
|
gnome
|
librsvg
|
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6163
|
2017-02-8 07:48 |
2017-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246272
|
5.5 |
MEDIUM
Local
|
lepton_project
|
lepton
|
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.
|
CWE-20
Improper Input Validation
|
CVE-2016-6234
|
2017-02-8 07:28 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246273
|
5.9 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An a…
|
CWE-200
Information Exposure
|
CVE-2016-5966
|
2017-02-8 07:24 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246274
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-6124
|
2017-02-8 07:23 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246275
|
5.5 |
MEDIUM
Local
|
lepton_project
|
lepton
|
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6236
|
2017-02-8 07:03 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246276
|
5.9 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could …
|
CWE-200
Information Exposure
|
CVE-2016-6116
|
2017-02-8 06:59 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246277
|
5.5 |
MEDIUM
Local
|
libavformat_project
|
libavformat
|
Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-4352
|
2017-02-8 06:45 |
2017-02-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246278
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
|
CWE-89
SQL Injection
|
CVE-2016-8929
|
2017-02-8 06:44 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246279
|
6.5 |
MEDIUM
Adjacent
|
ibm
|
bigfix_platform
|
IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.
|
CWE-20
Improper Input Validation
|
CVE-2016-6084
|
2017-02-8 06:41 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246280
|
6.5 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
|
CWE-200
Information Exposure
|
CVE-2016-5988
|
2017-02-8 06:39 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246281
|
6.3 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.
|
CWE-284
Improper Access Control
|
CVE-2016-5990
|
2017-02-8 06:15 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246282
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc…
|
CWE-22
Path Traversal
|
CVE-2016-6126
|
2017-02-8 06:05 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246283
|
7.5 |
HIGH
Network
cryptopp
|
crypto++
|
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then t…
|
CWE-399
Resource Management Errors
|
CVE-2016-7544
|
2017-02-8 05:59 |
2017-01-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246284
|
7.8 |
HIGH
Local
|
ibm
|
security_guardium
|
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.
|
CWE-78
OS Command Injection
|
CVE-2016-6065
|
2017-02-8 05:43 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246285
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra…
|
CWE-22
Path Traversal
|
CVE-2016-8933
|
2017-02-8 05:31 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246286
|
5.5 |
MEDIUM
Local
|
lepton_project
|
lepton
|
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.
|
CWE-399
Resource Management Errors
|
CVE-2016-6235
|
2017-02-8 05:30 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246287
|
7.5 |
HIGH
Network
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interceptin…
|
CWE-200
Information Exposure
|
CVE-2016-5958
|
2017-02-8 05:26 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246288
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
|
CWE-284
Improper Access Control
|
CVE-2016-8931
|
2017-02-8 05:12 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246289
|
8.1 |
HIGH
Network
|
ibm
|
bigfix_platform
|
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.
|
CWE-77
Command Injection
|
CVE-2016-0396
|
2017-02-8 04:44 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246290
|
3.3 |
LOW
Local
|
ibm
|
integration_bus websphere_message_broker
|
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
|
CWE-275
Permission Issues
|
CVE-2016-0394
|
2017-02-8 04:43 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246291
|
8.8 |
HIGH
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2016-6103
|
2017-02-8 04:32 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246292
|
7.6 |
HIGH
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
|
CWE-89
SQL Injection
|
CVE-2016-8930
|
2017-02-8 04:32 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246293
|
5.3 |
MEDIUM
Network
ibm
|
websphere_message_broker
|
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.
|
CWE-200
Information Exposure
|
CVE-2016-6080
|
2017-02-8 04:20 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246294
|
5.5 |
MEDIUM
Local
|
lepton_project
|
lepton
|
The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6238
|
2017-02-8 04:19 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246295
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could…
|
CWE-254
Security Features
|
CVE-2016-8911
|
2017-02-8 04:11 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246296
|
9.8 |
CRITICAL
Network
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
|
CWE-284
Improper Access Control
|
CVE-2016-6095
|
2017-02-8 03:49 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
246297
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc…
|
CWE-22
Path Traversal
|
CVE-2016-8913
|
2017-02-8 03:46 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246298
|
5.6 |
MEDIUM
Network
|
saltstack
|
salt
|
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with …
|
CWE-287
Improper Authentication
|
CVE-2016-3176
|
2017-02-8 03:41 |
2017-02-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246299
|
5.5 |
MEDIUM
Local
|
lepton_project
|
lepton
|
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file.
|
CWE-787
Out-of-bounds Write
|
CVE-2016-6237
|
2017-02-8 03:40 |
2017-02-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
246300
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
|
CWE-284
Improper Access Control
|
CVE-2016-8932
|
2017-02-8 03:36 |
2017-02-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|