NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. Date published : 2017-02-07 https://kb.netapp.com/support/index?page=content&id=9010070 https://security.netapp.com/advisory/ntap-20160310-0003/
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash)...
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. Date published...
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. Date published : 2017-02-07 http://www.securityfocus.com/bid/94553 https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show...
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. Date published : 2017-02-07 http://www.securityfocus.com/bid/92891 https://github.com/arvidn/libtorrent/issues/1021
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. Date published : 2017-02-07 https://kb.netapp.com/support/s/article/NTAP-20161017-0002
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. Date published : 2017-02-07 https://kb.netapp.com/support/s/article/NTAP-20160929-0001
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. Date published : 2017-02-07 https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726 https://philwantsfish.github.io/security/java-deserialization-github
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. Date published : 2017-02-07 https://bugs.launchpad.net/php-gettext/+bug/1606184 https://github.com/NagVis/nagvis/commit/4fe8672a5aec3467da72b5852ca6d283c15adb53
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. Date published : 2017-02-07...
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code...
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. Date published : 2017-02-07 http://www.securityfocus.com/bid/95977 http://www.ibm.com/support/docview.wss?uid=swg21997986
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...