Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-02 CVE-2017-6415 NULL Pointer Dereference vulnerability in Radare Radare2 1.2.1
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.
local
low complexity
radare CWE-476
5.5
2017-03-02 CVE-2017-6387 Out-of-bounds Read vulnerability in Radare Radare2 1.2.1
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.
local
low complexity
radare CWE-125
5.5
2017-03-02 CVE-2017-6319 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 1.2.1
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
local
low complexity
radare CWE-119
7.8
2017-03-02 CVE-2016-10228 Improper Input Validation vulnerability in GNU Glibc
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
network
high complexity
gnu CWE-20
5.9
2017-03-01 CVE-2016-8233 Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
network
low complexity
lenovo CWE-532
critical
9.8
2017-03-01 CVE-2017-3826 Improper Input Validation vulnerability in Cisco Netflow Generation Appliance Software
A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.5
2017-03-01 CVE-2016-9994 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9993 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9992 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-8232 Cross-site Scripting vulnerability in IBM Advanced Management Module Firmware
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
network
low complexity
ibm CWE-79
6.1