Skip to main content
CVE-2016-9752 HIGH PATCH This Week

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Serendipity
NVD GitHub
CVSS 3.0
8.6
EPSS
0.2%
CVE-2016-3055 HIGH PATCH This Week

IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM Denial Of Service XXE Filenet Workplace
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-3033 HIGH This Week

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service XXE Appscan Source
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-2946 HIGH PATCH This Week

Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Buffer Overflow Tivoli Monitoring
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3012 HIGH This Week

IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Node.js Api Connect Network Path Manager
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-3047 MEDIUM This Month

Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Filenet Workplace
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-3044 MEDIUM This Month

The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Linux Powerkvm
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-9751 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Piwigo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-2994 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Urbancode Deploy
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2991 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Lotus Protector For Mail Security
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2955 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy