|
265711
|
4.3 |
MEDIUM
Network
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.
|
CWE-200
Information Exposure
|
CVE-2016-6094
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265712
|
6.2 |
MEDIUM
Local
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
|
CWE-200
Information Exposure
|
CVE-2016-6092
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265713
|
9.8 |
CRITICAL
Network
|
gradle
|
gradle
|
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-6199
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265714
|
9.8 |
CRITICAL
Network
|
php-gettext_project
|
php-gettext
|
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
|
CWE-94
Code Injection
|
CVE-2016-6175
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265715
|
7.5 |
HIGH
Network
|
gnu
|
libiberty
|
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
|
CWE-20
Improper Input Validation
|
CVE-2016-6131
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265716
|
6.5 |
MEDIUM
Network
|
alinto
|
sogo
|
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.
|
CWE-399
Resource Management Errors
|
CVE-2016-6188
|
2024-11-21 11:55 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265717
|
5.5 |
MEDIUM
Local
|
gnome
|
librsvg
|
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6163
|
2024-11-21 11:55 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265718
|
5.9 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could …
|
CWE-200
Information Exposure
|
CVE-2016-6116
|
2024-11-21 11:55 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265719
|
8.8 |
HIGH
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w…
|
CWE-352
Origin Validation Error
|
CVE-2016-6103
|
2024-11-21 11:55 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265720
|
5.3 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
|
CWE-200
Information Exposure
|
CVE-2016-6099
|
2024-11-21 11:55 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
