Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.
Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS. Rated low severity (CVSS 1.9). No vendor patch available.