| 273231 | 7.3 | HIGH Network | ibm apache | infosphere_biginsights hbase | Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper c… | CWE-284 Improper Access Control | CVE-2015-1836 | 2024-11-21 11:26 | 2015-12-21 |
| 273232 | 7.3 | HIGH Network | ibm apache | infosphere_biginsights hive | The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauth… | CWE-287 Improper Authentication | CVE-2015-1772 | 2024-11-21 11:26 | 2015-12-21 |
| 273233 | - | | openssl | openssl | The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-He… | CWE-189 Numeric Errors | CVE-2015-1794 | 2024-11-21 11:26 | 2015-12-7 |
| 273234 | - | | ibm | websphere_application_server | CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitra… | NVD-CWE-Other | CVE-2015-2017 | 2024-11-21 11:26 | 2015-11-9 |
| 273235 | - | | ibm | security_qradar_incident_forensics | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs… | CWE-200 Information Exposure | CVE-2015-1999 | 2024-11-21 11:26 | 2015-11-9 |
| 273236 | - | | ibm | security_qradar_incident_forensics | Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for req… | CWE-352 Origin Validation Error | CVE-2015-1997 | 2024-11-21 11:26 | 2015-11-9 |
| 273237 | - | | ibm | security_qradar_incident_forensics | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information … | CWE-200 Information Exposure | CVE-2015-1996 | 2024-11-21 11:26 | 2015-11-9 |
| 273238 | - | | ibm | security_qradar_incident_forensics | Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted UR… | CWE-79 Cross-site Scripting | CVE-2015-1995 | 2024-11-21 11:26 | 2015-11-9 |
| 273239 | - | | ibm | security_qradar_incident_forensics | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtai… | CWE-200 Information Exposure | CVE-2015-1994 | 2024-11-21 11:26 | 2015-11-9 |
| 273240 | - | | ibm | security_qradar_incident_forensics | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these… | NVD-CWE-Other | CVE-2015-1993 | 2024-11-21 11:26 | 2015-11-9 |