CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2016-8928 IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ... | N/A | NONE | — | 0 |
| CVE-2016-8929 IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ... | N/A | NONE | — | 0 |
| CVE-2016-8930 IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ... | N/A | NONE | — | 0 |
| CVE-2016-8931 IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | N/A | NONE | — | 0 |
| CVE-2016-8932 IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | N/A | NONE | — | 0 |
| CVE-2016-8933 IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrar... | N/A | NONE | — | 0 |
| CVE-2016-8938 IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host cus... | N/A | NONE | — | 0 |
| CVE-2016-6236 The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. | N/A | NONE | — | 0 |
| CVE-2016-8963 IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | N/A | NONE | — | 0 |
| CVE-2016-8977 IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. | N/A | NONE | — | 0 |
| CVE-2016-8982 IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer head... | N/A | NONE | — | 0 |
| CVE-2016-8999 IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CS... | N/A | NONE | — | 0 |
| CVE-2016-6237 The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. | N/A | NONE | — | 0 |
| CVE-2016-9000 IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navi... | N/A | NONE | — | 0 |
| CVE-2016-9008 IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | N/A | NONE | — | 0 |
| CVE-2016-9703 IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | N/A | NONE | — | 0 |
| CVE-2016-9704 IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct... | N/A | NONE | — | 0 |
| CVE-2016-9739 IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. | N/A | NONE | — | 0 |
| CVE-2025-23920 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sourcing Team ApplicantPro applicantpro allows Reflected XSS.This issue affects ApplicantPro: from... | N/A | NONE | — | 0 |
| CVE-2017-5218 A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to i... | N/A | NONE | — | 0 |
| CVE-2017-5219 An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functi... | N/A | NONE | — | 0 |
| CVE-2016-1566 Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to in... | N/A | NONE | — | 0 |
| CVE-2017-5600 The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. | N/A | NONE | — | 0 |
| CVE-2016-6234 The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. | N/A | NONE | — | 0 |
| CVE-2016-6235 The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. | N/A | NONE | — | 0 |
| CVE-2025-23923 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wackey Lockets lockets allows Reflected XSS.This issue affects Lockets: from n/a through <= 0.999. | N/A | NONE | — | 0 |
| CVE-2016-5935 IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerabil... | N/A | NONE | — | 0 |
| CVE-2016-6095 IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | N/A | NONE | — | 0 |
| CVE-2016-6099 IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | N/A | NONE | — | 0 |
| CVE-2016-6103 IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the we... | N/A | NONE | — | 0 |
| CVE-2016-6116 IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could e... | N/A | NONE | — | 0 |
| CVE-2017-1093 IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. | N/A | NONE | — | 0 |
| CVE-2016-0890 EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited... | N/A | NONE | — | 0 |
| CVE-2016-0919 EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by m... | 6.1 | MEDIUM | — | 0 |
| CVE-2016-6648 EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissio... | N/A | NONE | — | 0 |
| CVE-2016-6649 EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with c... | N/A | NONE | — | 0 |
| CVE-2016-8211 EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a pat... | 7.5 | HIGH | — | 0 |
| CVE-2016-8212 An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These spe... | 7.5 | HIGH | — | 0 |
| CVE-2016-8216 EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain O... | 6.7 | MEDIUM | — | 0 |
| CVE-2016-8217 EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which ... | 3.7 | LOW | — | 0 |
| CVE-2017-3810 A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected sy... | N/A | NONE | — | 0 |
| CVE-2016-9871 EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially b... | N/A | NONE | — | 0 |
| CVE-2016-9872 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected sys... | N/A | NONE | — | 0 |
| CVE-2016-9873 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authentic... | N/A | NONE | — | 0 |
| CVE-2017-2766 EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pass... | N/A | NONE | — | 0 |
| CVE-2017-3812 A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a den... | N/A | NONE | — | 0 |
| CVE-2017-2767 EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contain... | N/A | NONE | — | 0 |
| CVE-2017-2768 EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contain... | N/A | NONE | — | 0 |
| CVE-2017-3806 A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject... | N/A | NONE | — | 0 |
| CVE-2017-3809 A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule bas... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.