Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-02 CVE-2017-1093 Unspecified vulnerability in IBM AIX 6.1/7.1/7.2
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
local
low complexity
ibm
7.8
2017-02-02 CVE-2016-6116 Information Exposure vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.9
2017-02-02 CVE-2016-6103 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-02-02 CVE-2016-6099 Information Exposure vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
2017-02-02 CVE-2016-6095 Improper Access Control vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-284
critical
9.8
2017-02-02 CVE-2016-5935 Information Exposure vulnerability in IBM Dashboard Application Services HUB 3.1.3
IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate.
network
high complexity
ibm CWE-200
5.9
2017-02-02 CVE-2016-6238 Out-of-bounds Read vulnerability in Lepton Project Lepton 1.0
The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.
local
low complexity
lepton-project CWE-125
5.5
2017-02-02 CVE-2016-6237 Out-of-bounds Write vulnerability in Lepton Project Lepton 1.0
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file.
local
low complexity
lepton-project CWE-787
5.5
2017-02-02 CVE-2016-6236 Out-of-bounds Read vulnerability in Lepton Project Lepton 1.0
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.
local
low complexity
lepton-project CWE-125
5.5
2017-02-02 CVE-2016-6235 Resource Management Errors vulnerability in Lepton Project Lepton 1.0
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.
local
low complexity
lepton-project CWE-399
5.5