Latest CVE Feed
-
9.1
CRITICALCVE-2016-3028
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.... Read more
- Published: Nov. 25, 2016
- Modified: Apr. 12, 2025
-
8.1
HIGHCVE-2016-3025
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.... Read more
- Published: Nov. 25, 2016
- Modified: Apr. 12, 2025
-
8.5
HIGHCVE-2016-2988
IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain ... Read more
Affected Products : tivoli_storage_manager_for_virtual_environments- Published: Nov. 25, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-2986
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.... Read more
- Published: Nov. 25, 2016
- Modified: Apr. 12, 2025
-
7.0
HIGHCVE-2016-2985
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid... Read more
- Published: Nov. 25, 2016
- Modified: Apr. 12, 2025
-
7.0
HIGHCVE-2016-2984
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setu... Read more
- Published: Nov. 25, 2016
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2016-2947
IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 ... Read more
- Published: Nov. 25, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-2996
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.... Read more
Affected Products : security_privileged_identity_manager- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-2864
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7... Read more
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0378
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.... Read more
Affected Products : websphere_application_server- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0372
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be... Read more
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0353
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its t... Read more
Affected Products : security_privileged_identity_manager- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-0325
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be... Read more
Affected Products : rational_team_concert- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-0285
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7... Read more
Affected Products : rational_team_concert- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-0284
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 ... Read more
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-0282
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS.... Read more
Affected Products : lotus_inotes- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2016-0273
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7... Read more
- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
2.9
LOWCVE-2015-4961
IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections betwee... Read more
Affected Products : tealeaf_customer_experience- Published: Nov. 24, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-1248
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.... Read more
- Published: Nov. 23, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-9567
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phon... Read more
Affected Products : samsung_mobile- Published: Nov. 23, 2016
- Modified: Apr. 12, 2025