The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.3% and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.
Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.