Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.2%.
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.