Skip to main content
CVE-2016-4463 HIGH POC THREAT Act Now

Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.3%.

Denial Of Service Buffer Overflow Apache Xerces C Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
38.3%
Threat
4.2
CVE-2016-0315 HIGH This Week

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Jazz Reporting Service
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-2889 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Jazz Reporting Service
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0271 HIGH This Week

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Urbancode Deploy
NVD
CVSS 3.0
8.2
EPSS
0.0%
CVE-2016-4324 HIGH This Week

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Debian Linux Libreoffice Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2016-0287 HIGH This Week

IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Microsoft I Access
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2945 HIGH This Week

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-0314 MEDIUM This Month

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-2888 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0350 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0313 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0252 MEDIUM This Month

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Control Center Sterling Control Center
NVD
CVSS 3.0
5.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy