Skip to main content
CVE-2016-1283 CRITICAL POC Act Now

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Pcre PHP Fedora +1
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2015-8508 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Bugzilla
NVD
CVSS 3.0
4.7
EPSS
0.4%
CVE-2015-5003 HIGH This Week

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Tivoli Monitoring
NVD
CVSS 3.0
8.5
EPSS
1.3%
CVE-2015-5038 HIGH This Week

IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Connections
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-8509 LOW POC Monitor

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bugzilla
NVD
CVSS 3.0
3.5
EPSS
0.3%
CVE-2015-1985 MEDIUM This Month

The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file. Rated medium severity (CVSS 5.6). No vendor patch available.

IBM Authentication Bypass Mq Appliance M2000
NVD
CVSS 3.0
5.6
EPSS
0.0%
CVE-2015-5036 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5035 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5023 MEDIUM This Month

SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-5017 MEDIUM This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-5037 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Connections
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2015-2007 MEDIUM This Month

Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2015-1971 MEDIUM This Month

Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Rational Quality Manager Rational Engineering Lifecycle Manager Rational Team Concert +5
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5051 MEDIUM This Month

IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Maximo Asset Management Essentials Maximo For Government +6
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2015-4962 LOW Monitor

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM). Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Rhapsody Design Manager Rational Quality Manager Rational Requirements Composer +5
NVD
CVSS 3.0
3.5
EPSS
0.1%
CVE-2015-4946 LOW Monitor

Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1;. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Rational Quality Manager Rational Requirements Composer Rational Engineering Lifecycle Manager +5
NVD
CVSS 3.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy