Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-01 CVE-2016-8233 Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
network
low complexity
lenovo CWE-532
critical
9.8
2017-03-01 CVE-2017-3826 Improper Input Validation vulnerability in Cisco Netflow Generation Appliance Software
A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.5
2017-03-01 CVE-2016-9994 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9993 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9992 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-8232 Cross-site Scripting vulnerability in IBM Advanced Management Module Firmware
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
network
low complexity
ibm CWE-79
6.1
2017-03-01 CVE-2016-5932 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-03-01 CVE-2016-2880 Key Management Errors vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user.
local
low complexity
ibm CWE-320
7.8
2017-03-01 CVE-2016-2879 Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials.
local
low complexity
ibm CWE-326
7.8
2017-03-01 CVE-2017-6353 Double Free vulnerability in Linux Kernel
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.
local
low complexity
linux CWE-415
5.5