IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. Date published : 2017-02-07 http://www.securityfocus.com/bid/95984 http://www.ibm.com/support/docview.wss?uid=swg21997987
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. Date published : 2017-02-07 http://www.ibm.com/support/docview.wss?uid=swg21997953
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. Date published : 2017-02-07 https://kb.netapp.com/support/s/article/NTAP-20161108-0001
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. Date published : 2017-02-07...
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. Date published : 2017-02-07 https://kb.netapp.com/support/s/article/NTAP-20161028-0001
Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file...
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. Date published : 2017-02-07 http://www.securityfocus.com/bid/96134 https://simplesamlphp.org/security/201603-01
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. Date published : 2017-02-07 https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager https://security.netapp.com/advisory/ntap-20160310-0004/
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker...
chroot in GNU coreutils, when used with –userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer. Date published :...
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer. Date published : 2017-02-07 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922 http://www.openwall.com/lists/oss-security/2016/02/27/1
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving...
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. Date published : 2017-02-07 http://www.securityfocus.com/bid/96137 http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. Date published : 2017-02-07 https://kb.netapp.com/support/s/article/cve-2016-1894-authentication-bypass-vulnerability-in-oncommand-workflow-automation https://security.netapp.com/advisory/ntap-20160310-0001/