Weekly Vulnerabilities Reports > January 30 to February 5, 2017

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3.

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection.

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer.

The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.

ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition.

A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition.

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.

Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.

IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled.

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.

Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value.

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8702.

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8703.

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702, and CVE-2016-8703.

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703.

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703.

Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703.

The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.

An issue was discovered in Artifex Software, Inc.

An issue was discovered in Artifex Software, Inc.

IBM Kenexa LMS on Cloud is vulnerable to SQL injection.

IBM Kenexa LMS on Cloud is vulnerable to SQL injection.

An issue was discovered on SendQuick Entera and Avera devices before 2HF16.

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc.

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2.

EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.

IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.

IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.

IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.

SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a ..

MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.

MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.

MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.

An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine.

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions.

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.

An issue was discovered on the D-Link DWR-932B router.

An issue was discovered on the D-Link DWR-932B router.

An issue was discovered on the D-Link DWR-932B router.

An issue was discovered on the D-Link DWR-932B router.

An issue was discovered on the D-Link DWR-932B router.

An issue was discovered on the D-Link DWR-932B router.

An issue was discovered on the D-Link DWR-932B router.

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory.

EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.

IBM General Parallel File System is vulnerable to a buffer overflow.

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.

Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption.

A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak.

IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root.

The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.

Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279.

Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.

A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system.

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system.

IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.

IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.

IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.

IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0.

An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979.

EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system.

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system.

IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.

IBM Kenexa LMS on Cloud is vulnerable to SQL injection.

An issue was discovered on SendQuick Entera and Avera devices before 2HF16.

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter.

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting.

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection.

IBM iNotes is vulnerable to cross-site scripting.

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting.

Exphox WebRadar is vulnerable to cross-site scripting.

IBM Verse is vulnerable to cross-site scripting.

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting.

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection.

IBM iNotes is vulnerable to cross-site scripting.

IBM iNotes is vulnerable to cross-site scripting.

IBM Security Access Manager for Web is vulnerable to cross-site scripting.

IBM iNotes is vulnerable to cross-site scripting.

IBM iNotes is vulnerable to cross-site scripting.

Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.

Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users.

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.

Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login.

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to "old upgrade files."

Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate.

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.

IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.

OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass.

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass.

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base.

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system.

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file.

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.

JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.

Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.

The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.

The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file.

The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.

The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.

The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image.

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695.

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696.

The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696.

The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.

An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.

libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.

hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system.

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.

IBM Kenexa LMS on Cloud is vulnerable to SQL injection.

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting.

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting.

IBM Infosphere BigInsights is vulnerable to cross-site scripting.

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input.

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input.

IBM Business Process Manager is vulnerable to cross-site scripting.

IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting.

IBM WebSphere Application Server is vulnerable to cross-site scripting.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.

IBM Maximo Asset Management is vulnerable to cross-site scripting.

IBM Jazz Foundation is vulnerable to cross-site scripting.

IBM Jazz Foundation is vulnerable to cross-site scripting.

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting.

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting.

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting.

IBM Jazz Foundation is vulnerable to cross-site scripting.

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting.

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting.

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting.

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting.

IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection.

IBM iNotes is vulnerable to cross-site scripting.

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.

A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log.

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device.

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users.

IBM InfoSphere Information Server stores sensitive information in URL parameters.

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests.

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.

The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server.

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey.

NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.

wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0.

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file.

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.

IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.

IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.

IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization.

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability.

IBM Sterling Order Management transmits the session identifier within the URL.

IBM Security Access Manager for Web stores sensitive information in URL parameters.

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.

IBM Security Access Manager for Web is vulnerable to SQL injection.

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.