Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2017-03-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | |||||
| CVE-2016-5815 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2017-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | |||||
| CVE-2016-8236 | 1 Lenovo | 6 Thinkserver Firmware, Thinkserver Rd350, Thinkserver Rd450 and 3 more | 2017-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | |||||
| CVE-2016-10193 | 1 Espeak-ruby Project | 1 Espeak-ruby | 2017-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | |||||
| CVE-2016-7408 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2017-03-04 | 6.5 MEDIUM | 8.8 HIGH |
| The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | |||||
| CVE-2016-8986 | 1 Ibm | 1 Websphere Mq | 2017-03-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. | |||||
| CVE-2015-8832 | 1 Dotclear | 1 Dotclear | 2017-03-02 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. | |||||
| CVE-2016-8915 | 1 Ibm | 1 Websphere Mq | 2017-03-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. | |||||
| CVE-2016-6077 | 1 Ibm | 1 Cognos Disclosure Management | 2017-02-17 | 6.8 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. | |||||
| CVE-2016-9005 | 1 Ibm | 1 System Storage Ts3100-ts3200 Tape Library | 2017-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system. | |||||
| CVE-2016-9356 | 1 Moxa | 1 Dacenter | 2017-02-17 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. | |||||
| CVE-2016-10223 | 1 Bigtreecms | 1 Bigtree Cms | 2017-02-16 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-0214 | 1 Ibm | 1 Bigfix Platform | 2017-02-15 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. | |||||
| CVE-2015-7494 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2017-02-14 | 1.7 LOW | 2.8 LOW |
| A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | |||||
| CVE-2016-9008 | 1 Ibm | 1 Urbancode Deploy | 2017-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | |||||
| CVE-2016-8938 | 1 Ibm | 1 Urbancode Deploy | 2017-02-13 | 10.0 HIGH | 10.0 CRITICAL |
| IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. | |||||
| CVE-2016-8942 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2017-02-13 | 3.5 LOW | 3.1 LOW |
| IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. | |||||
| CVE-2016-5964 | 1 Ibm | 1 Security Privileged Identity Manager | 2017-02-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
| CVE-2016-2942 | 1 Ibm | 1 Urbancode Deploy | 2017-02-13 | 6.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | |||||
| CVE-2016-0320 | 1 Ibm | 1 Urbancode Deploy | 2017-02-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes. | |||||