Skip to main content
CVE-2016-4457 HIGH This Week

CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudforms Management Engine
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-1319 HIGH PATCH This Week

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Federated Identity Manager
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-2251 HIGH This Week

The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Oceanstor Uds Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-3108 HIGH PATCH This Week

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Pulp
NVD GitHub
CVSS 3.0
7.1
EPSS
0.0%
CVE-2015-1588 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-2255 MEDIUM This Month

Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Huawei Ar1220 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-1179 MEDIUM PATCH This Month

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Bigfix Security Compliance Analytics
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-9310 MEDIUM PATCH This Month

QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the. Rated medium severity (CVSS 5.6).

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2017-9330 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return. Rated medium severity (CVSS 5.6).

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2017-9520 MEDIUM PATCH This Month

The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-3111 MEDIUM PATCH This Month

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Pulp
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-3107 MEDIUM PATCH This Month

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Information Disclosure Pulp
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1140 MEDIUM PATCH This Month

IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9736 MEDIUM PATCH This Month

IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2014-4843 MEDIUM This Month

Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-2253 MEDIUM This Month

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Oceanstor Uds Firmware
NVD
CVSS 3.0
5.0
EPSS
0.1%
CVE-2014-6031 MEDIUM This Month

Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +11
NVD
CVSS 3.0
4.9
EPSS
0.5%
CVE-2016-8987 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy