|
270111
|
6.5 |
MEDIUM
Local
|
ibm
|
powerkvm
|
The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors.
|
CWE-20
CWE-284
Improper Input Validation
Improper Access Control
|
CVE-2016-3044
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270112
|
8.1 |
HIGH
Network
|
ibm
|
appscan_source
|
IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity de…
|
CWE-611
XXE
|
CVE-2016-3033
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270113
|
7.5 |
HIGH
Network
|
ibm
|
network_path_manager
api_connect
|
IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended acces…
|
CWE-200
Information Exposure
|
CVE-2016-3012
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270114
|
5.4 |
MEDIUM
Network
|
ibm
|
urbancode_deploy
|
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-2994
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270115
|
5.4 |
MEDIUM
Network
|
ibm
|
lotus_protector_for_mail_security
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2016-2991
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270116
|
5.4 |
MEDIUM
Network
|
ibm
|
connections
|
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-2955
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270117
|
7.8 |
HIGH
Local
|
ibm
|
tivoli_monitoring
|
Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gai…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2946
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270118
|
8.8 |
HIGH
Network
|
ibm
|
tririga_application_platform
|
The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via u…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2917
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270119
|
8.1 |
HIGH
Network
|
ibm
|
ims_enterprise_suite
|
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2016-2887
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270120
|
8.0 |
HIGH
Network
|
ibm
|
forms_experience_builder
|
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijac…
|
CWE-352
Origin Validation Error
|
CVE-2016-2884
|
2024-11-21 11:49 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
