IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.