|
268281
|
4.0 |
MEDIUM
Local
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
|
CWE-200
Information Exposure
|
CVE-2016-6097
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268282
|
6.1 |
MEDIUM
Network
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6096
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268283
|
4.3 |
MEDIUM
Network
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.
|
CWE-200
Information Exposure
|
CVE-2016-6094
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268284
|
6.2 |
MEDIUM
Local
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
|
CWE-200
Information Exposure
|
CVE-2016-6092
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268285
|
9.8 |
CRITICAL
Network
|
gradle
|
gradle
|
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-6199
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268286
|
9.8 |
CRITICAL
Network
|
php-gettext_project
|
php-gettext
|
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
|
CWE-94
Code Injection
|
CVE-2016-6175
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268287
|
7.5 |
HIGH
Network
|
gnu
|
libiberty
|
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
|
CWE-20
Improper Input Validation
|
CVE-2016-6131
|
2024-11-21 11:55 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268288
|
6.5 |
MEDIUM
Network
|
alinto
|
sogo
|
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.
|
CWE-399
Resource Management Errors
|
CVE-2016-6188
|
2024-11-21 11:55 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268289
|
5.5 |
MEDIUM
Local
|
gnome
|
librsvg
|
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6163
|
2024-11-21 11:55 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268290
|
5.9 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could …
|
CWE-200
Information Exposure
|
CVE-2016-6116
|
2024-11-21 11:55 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
