Latest CVE Feed
-
5.4
MEDIUMCVE-2016-9696
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 19999... Read more
Affected Products : rational_rhapsody_design_manager- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2016-9694
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust... Read more
Affected Products : rational_rhapsody_design_manager- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-9165
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequentl... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2016-8973
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.... Read more
Affected Products : rational_rhapsody_design_manager- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2016-5857
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.... Read more
Affected Products : android- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
6.8
MEDIUMCVE-2016-2981
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.... Read more
Affected Products : rational_collaborative_lifecycle_management- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2016-2406
The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintS... Read more
Affected Products : document_security_management- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2016-10214
Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.... Read more
Affected Products : virglrenderer- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2015-8985
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.... Read more
Affected Products : glibc- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2015-8984
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.... Read more
Affected Products : glibc- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGHCVE-2015-8983
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors ... Read more
Affected Products : glibc- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2015-8954
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2015-1610
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing."... Read more
Affected Products : l2switch- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2014-9851
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2014-9850
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2014-9849
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2014-9848
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2014-9847
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2014-9846
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2014-9845
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.... Read more
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025