Skip to main content
CVE-2017-5219 CRITICAL Act Now

An issue was discovered in SageCRM 7.x before 7.3 SP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sagecrm
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2017-5600 CRITICAL Act Now

The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oncommand Insight
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-6095 CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-5218 HIGH This Week

A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sagecrm
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-6103 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1093 HIGH This Week

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Aix
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-6116 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-5935 MEDIUM This Month

IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Dashboard Application Services Hub
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-6238 MEDIUM PATCH This Month

The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-6237 MEDIUM PATCH This Month

The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-6236 MEDIUM PATCH This Month

The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-6235 MEDIUM PATCH This Month

The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-6234 MEDIUM PATCH This Month

The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-1566 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Guacamole
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6099 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy