CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2016-0371
https://notcve.org/view.php?id=CVE-2016-0371
01 Feb 2017 — The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. La contraseña de Tivoli Storage Manager (TSM) puede ser mostrada en texto plano a través de la salida de rastreo de la aplicación mientras el rastreo de aplicaciones está habilitado. • http://www-01.ibm.com/support/docview.wss?uid=swg21985114 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8967
https://notcve.org/view.php?id=CVE-2016-8967
01 Feb 2017 — IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. IBM BigFix Inventory v9 9.2 almacena las credenciales de usuario en un texto claro que puede ser leído por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21995019 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8961
https://notcve.org/view.php?id=CVE-2016-8961
01 Feb 2017 — IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM BigFix Inventory v9 podría permitir a un atacante remoto reali... • http://www.ibm.com/support/docview.wss?uid=swg21995037 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8966
https://notcve.org/view.php?id=CVE-2016-8966
01 Feb 2017 — IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM BigFix Inventory v9 podría permitir a un atacante remoto obtener información sensible, causado por el error para habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener infor... • http://www.ibm.com/support/docview.wss?uid=swg21995023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8980
https://notcve.org/view.php?id=CVE-2016-8980
01 Feb 2017 — IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM BigFix Inventory v9 es vulnerable a una denegación de servicio, provocada por un error XML Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensi... • http://www.ibm.com/support/docview.wss?uid=swg21995013 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-8981
https://notcve.org/view.php?id=CVE-2016-8981
01 Feb 2017 — IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. IBM BigFix Inventory v9 permite que las páginas web se almacenen localmente de forma que puedan ser leídas por otro usuario en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21994932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 1CVE-2016-9795 – CA Common Services casrvc Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9795
27 Jan 2017 — The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validatio... • https://github.com/blogresponder/CA-Common-Services-privilege-escalation-cve-2016-9795-revisited • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 246EXPL: 0CVE-2016-5995
https://notcve.org/view.php?id=CVE-2016-5995
01 Oct 2016 — Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. Vulnerabilidad de ruta de búsqueda no confiable en IBM DB2 9.7 hasta la versión FP11, 10.1 hasta la versión FP5, 10.5 en versiones anteriores a FP8 y 11.1 GA en Linux, AIX y HP-UX permite a usuarios locales obtener privilegios a través de una librería troyanizad... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 90%CPEs: 49EXPL: 4CVE-2016-2776 – ISC BIND 9 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-2776
28 Sep 2016 — buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. buffer.c en named en ISC BIND 9 en versiones anteriores a 9.9.9-P3, 9.10.x en versiones anteriores a 9.10.4-P3 y 9.11.x en versiones anteriores a 9.11.0rc3 no construye respuestas adecuadamente, lo que permite a atacantes remotos provocar una denegación d... • https://packetstorm.news/files/id/180551 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.9EPSS: 29%CPEs: 42EXPL: 0CVE-2016-2775 – bind: Too long query name causes segmentation fault in lwresd
https://notcve.org/view.php?id=CVE-2016-2775
19 Jul 2016 — ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. ISC BIND 9.x en versiones anteriores a 9.9.9-P2, 9.10.x en versiones anteriores a 9.10.4-P2 y 9.11.x en versiones anteriores a 9.11.0b2, cuando lwresd o la opción nombrada lwres está habilitada, permite a atacantes remotos provocar una denegación ... • http://www.securityfocus.com/bid/92037 • CWE-20: Improper Input Validation •