The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. Date published : 2017-03-20 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523 https://redmine.openinfosecfoundation.org/issues/1364
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." Date published : 2017-03-20 http://www.securityfocus.com/bid/73251 https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the...
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security...
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and...
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. Date published : 2017-03-20 http://www.securityfocus.com/bid/96826...
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited,...
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug...
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. Date published : 2017-03-20 http://www.securityfocus.com/bid/93540 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. Date published : 2017-03-20 http://www.securityfocus.com/bid/93540 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. Date published : 2017-03-20 http://www.securityfocus.com/bid/93540 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. Date published : 2017-03-20 http://www.securityfocus.com/bid/93540 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. Date published : 2017-03-20 http://www.securityfocus.com/bid/93540 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760