Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4927 | 1 Ibm | 1 Tivoli Storage Manager | 2016-12-07 | 7.2 HIGH | N/A |
| The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file. | |||||
| CVE-2015-4928 | 2 Apache, Ibm | 2 Ambari, Infosphere Biginsights | 2016-12-07 | 4.3 MEDIUM | N/A |
| Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields. | |||||
| CVE-2015-4940 | 2 Apache, Ibm | 2 Ambari, Infosphere Biginsights | 2016-12-07 | 2.1 LOW | N/A |
| Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-4941 | 1 Ibm | 1 Websphere Mq Light | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. | |||||
| CVE-2015-4942 | 1 Ibm | 1 Websphere Mq Light | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943. | |||||
| CVE-2015-4943 | 1 Ibm | 1 Websphere Mq Light | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942. | |||||
| CVE-2015-4951 | 1 Ibm | 1 Tivoli Storage Manager | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL. | |||||
| CVE-2015-4959 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4963 | 1 Ibm | 1 Security Access Manager For Web | 2016-12-07 | 7.5 HIGH | N/A |
| IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
| CVE-2015-4996 | 1 Ibm | 1 Rational Clearquest | 2016-12-07 | 3.6 LOW | 5.1 MEDIUM |
| IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. | |||||
| CVE-2015-4997 | 1 Ibm | 1 Websphere Portal | 2016-12-07 | 6.8 MEDIUM | N/A |
| IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. | |||||
| CVE-2015-5004 | 1 Ibm | 1 Websphere Application Server | 2016-12-07 | 4.0 MEDIUM | N/A |
| The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5015 | 1 Ibm | 1 Websphere Commerce Enterprise | 2016-12-07 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL. | |||||
| CVE-2015-5018 | 1 Ibm | 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2016-12-07 | 8.5 HIGH | 8.0 HIGH |
| IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. | |||||
| CVE-2015-5020 | 1 Ibm | 1 Infosphere Biginsights | 2016-12-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors. | |||||
| CVE-2015-5021 | 1 Ibm | 1 Infosphere Information Server | 2016-12-07 | 5.5 MEDIUM | N/A |
| IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5061 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2016-12-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | |||||
| CVE-2015-5078 | 1 Limesurvey | 1 Limesurvey | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter. | |||||
| CVE-2015-5080 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2016-12-07 | 9.0 HIGH | N/A |
| The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. | |||||
| CVE-2015-5149 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2016-12-07 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp. | |||||