Skip to main content
CVE-2016-8925 MEDIUM PATCH This Month

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-4875 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Assist Plugin Databox Plugin Userbox Plugin
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-4890 MEDIUM This Month

ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Servicedesk Plus
NVD
CVSS 3.0
5.3
EPSS
3.0%
CVE-2016-4888 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoho Servicedesk Plus
NVD
CVSS 3.0
5.4
EPSS
2.4%
CVE-2016-8927 MEDIUM PATCH This Month

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-7060 MEDIUM This Month

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Quickstart Cloud Installer
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2017-7217 MEDIUM This Month

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-8926 MEDIUM PATCH This Month

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1152 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Session Fixation IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-4455 LOW PATCH Monitor

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Privilege Escalation Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy