Skip to main content
CVE-2016-9564 HIGH POC This Week

Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Boa
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-2944 CRITICAL Act Now

IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Bigfix Remote Control
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-2873 HIGH PATCH This Week

SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-2917 HIGH This Week

The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Tririga Application Platform
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-2963 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Bigfix Remote Control
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2887 HIGH PATCH This Week

IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Ims Enterprise Suite
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-2884 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS CSRF Forms Experience Builder
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-2878 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS CSRF Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-2871 HIGH PATCH This Week

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2948 HIGH This Week

IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass Bigfix Remote Control
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2876 HIGH PATCH This Week

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-2936 HIGH This Week

IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Bigfix Remote Control
NVD
CVSS 3.0
7.3
EPSS
0.2%
CVE-2016-2933 MEDIUM This Month

Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Bigfix Remote Control
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2016-2937 MEDIUM This Month

IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2950 MEDIUM This Month

SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Bigfix Remote Control
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2881 MEDIUM PATCH This Month

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-3057 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Sterling B2b Integrator
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2934 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Bigfix Remote Control
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-3014 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Rational Engineering Lifecycle Manager Rational Rhapsody Design Manager Rational Quality Manager +4
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2016-2869 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2935 MEDIUM PATCH This Month

The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Bigfix Remote Control
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2016-5905 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5987 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-2932 MEDIUM This Month

IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Code Injection Bigfix Remote Control
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-2940 MEDIUM This Month

Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-2931 MEDIUM This Month

IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-5890 MEDIUM PATCH This Month

IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

IBM Authentication Bypass Sterling B2b Integrator
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-3004 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

IBM CSRF Connections
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-8222 MEDIUM PATCH This Month

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Denial Of Service Authentication Bypass Thinkpad 10 Ella 2 Bios Thinkpad 11E Beema Bios +72
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-2958 MEDIUM PATCH This Month

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2957 MEDIUM PATCH This Month

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2952 LOW Monitor

IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
3.7
EPSS
0.3%
CVE-2016-2953 LOW PATCH Monitor

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Connections
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-2951 LOW Monitor

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2016-3009 LOW Monitor

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM CSRF Connections
NVD
CVSS 3.0
3.5
EPSS
0.0%
CVE-2016-2949 LOW Monitor

IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-2877 LOW PATCH Monitor

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-2874 LOW PATCH Monitor

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-3002 LOW Monitor

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Connections
NVD
CVSS 3.0
2.1
EPSS
0.1%
CVE-2016-2943 LOW Monitor

IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Information Disclosure Bigfix Remote Control
NVD
CVSS 3.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy