Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1178 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2017-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430. | |||||
| CVE-2017-7313 | 1 Personify | 1 Personify360 E-business | 2017-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required. | |||||
| CVE-2017-7314 | 1 Personify | 1 Personify360 E-business | 2017-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available. | |||||
| CVE-2015-7514 | 1 Openstack | 1 Ironic | 2017-06-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. | |||||
| CVE-2015-8326 | 1 Iptables-parse Project | 1 Iptables-parse Module | 2017-06-14 | 3.6 LOW | 5.5 MEDIUM |
| The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. | |||||
| CVE-2015-7888 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2017-06-14 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | |||||
| CVE-2016-9834 | 1 Sophos | 2 Cyberoam, Cyberoam Firmware | 2017-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp. | |||||
| CVE-2016-0254 | 1 Ibm | 1 Cognos Business Intelligence | 2017-06-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563. | |||||
| CVE-2016-9698 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2017-06-14 | 7.5 HIGH | 8.1 HIGH |
| IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. | |||||
| CVE-2016-9991 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2017-06-14 | 6.0 MEDIUM | 8.0 HIGH |
| IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314. | |||||
| CVE-2014-8180 | 2 Mongodb, Redhat | 2 Mongodb, Satellite | 2017-06-14 | 2.1 LOW | 5.5 MEDIUM |
| MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | |||||
| CVE-2016-6093 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-06-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2016-6098 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-06-13 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | |||||
| CVE-2017-8920 | 1 Cgiirc | 1 Cgi\ | 2017-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | |||||
| CVE-2016-0768 | 1 Postgresql | 1 Postgresql | 2017-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | |||||
| CVE-2017-9451 | 1 Flatcore | 1 Flatcore | 2017-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | |||||
| CVE-2017-9436 | 1 Teampass | 1 Teampass | 2017-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. | |||||
| CVE-2016-9736 | 1 Ibm | 1 Websphere Application Server | 2017-06-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | |||||
| CVE-2017-1140 | 1 Ibm | 1 Business Process Manager | 2017-06-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-5959 | 1 Ibm | 1 Security Privileged Identity Manager | 2017-06-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136. | |||||