CVE-2016-6495
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
Source: CVE-2016-6495
[월:] 2017년 02월
CVE-2015-8544
CVE-2015-8544
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
Source: CVE-2015-8544
CVE-2015-7599
CVE-2015-7599
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.
Source: CVE-2015-7599
CVE-2016-2403
CVE-2016-2403
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Source: CVE-2016-2403
CVE-2016-3124
CVE-2016-3124
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors.
Source: CVE-2016-3124
CVE-2015-8322
CVE-2015-8322
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Source: CVE-2015-8322
CVE-2016-5711
CVE-2016-5711
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
Source: CVE-2016-5711
CVE-2016-9639
CVE-2016-9639
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
Source: CVE-2016-9639
CVE-2016-3180
CVE-2016-3180
Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature.
Source: CVE-2016-3180
CVE-2016-6092
CVE-2016-6092
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
Source: CVE-2016-6092