CVE-2016-0233
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Source: CVE-2016-0233
[월:] 2016년 06월
CVE-2016-0229 (marketing_platform)
CVE-2016-0229 (marketing_platform)
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-0229
CVE-2016-0229
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Source: CVE-2016-0229
CVE-2016-0224 (marketing_platform)
CVE-2016-0224 (marketing_platform)
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-0224
CVE-2016-0224
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Source: CVE-2016-0224
CVE-2016-5829 (linux_kernel)
CVE-2016-5829 (linux_kernel)
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Source: CVE-2016-5829 (linux_kernel)
CVE-2016-5828 (linux_kernel)
CVE-2016-5828 (linux_kernel)
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
Source: CVE-2016-5828 (linux_kernel)
CVE-2016-5728 (linux_kernel)
CVE-2016-5728 (linux_kernel)
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
Source: CVE-2016-5728 (linux_kernel)
CVE-2016-5244 (linux_kernel)
CVE-2016-5244 (linux_kernel)
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
Source: CVE-2016-5244 (linux_kernel)
CVE-2016-5243 (linux_kernel)
CVE-2016-5243 (linux_kernel)
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
Source: CVE-2016-5243 (linux_kernel)