Latest CVE Feed
-
6.5
MEDIUMCVE-2016-2996
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.... Read more
Affected Products : security_privileged_identity_manager- EPSS Score: %0.15
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-2864
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7... Read more
- EPSS Score: %0.17
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0378
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.... Read more
Affected Products : websphere_application_server- EPSS Score: %0.34
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0372
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be... Read more
- EPSS Score: %0.26
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0353
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its t... Read more
Affected Products : security_privileged_identity_manager- EPSS Score: %0.21
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-0325
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be... Read more
Affected Products : rational_team_concert- EPSS Score: %0.47
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-0285
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7... Read more
Affected Products : rational_team_concert- EPSS Score: %0.17
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-0284
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 ... Read more
- EPSS Score: %0.33
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-0282
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS.... Read more
Affected Products : lotus_inotes- EPSS Score: %0.20
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-0273
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7... Read more
- EPSS Score: %0.17
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
2.9
LOWCVE-2015-4961
IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections betwee... Read more
Affected Products : tealeaf_customer_experience- EPSS Score: %0.10
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-1248
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.... Read more
- EPSS Score: %23.18
- Published: Nov. 23, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-9567
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phon... Read more
Affected Products : samsung_mobile- EPSS Score: %0.20
- Published: Nov. 23, 2016
- Modified: Apr. 12, 2025
-
8.8
HIGHCVE-2016-8673
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (A... Read more
- EPSS Score: %0.14
- Published: Nov. 23, 2016
- Modified: Apr. 12, 2025
-
5.3
MEDIUMCVE-2016-8672
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (A... Read more
- EPSS Score: %0.23
- Published: Nov. 23, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-9563
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.... Read more
- Actively Exploited
- EPSS Score: %43.02
- Published: Nov. 23, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-9562
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.... Read more
- EPSS Score: %1.17
- Published: Nov. 23, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-9540
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."... Read more
Affected Products : libtiff- EPSS Score: %0.42
- Published: Nov. 22, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-9539
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.... Read more
Affected Products : libtiff- EPSS Score: %0.42
- Published: Nov. 22, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-9538
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.... Read more
Affected Products : libtiff- EPSS Score: %0.42
- Published: Nov. 22, 2016
- Modified: Apr. 12, 2025