Latest CVE Feed
-
4.7
MEDIUMCVE-2015-8508
Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arb... Read more
Affected Products : bugzilla- EPSS Score: %0.31
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-5051
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access rest... Read more
- EPSS Score: %0.14
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-5038
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) v... Read more
Affected Products : connections- EPSS Score: %0.89
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-5037
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS se... Read more
Affected Products : connections- EPSS Score: %0.04
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2015-5036
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability th... Read more
Affected Products : connections- EPSS Score: %0.17
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2015-5035
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability th... Read more
Affected Products : connections- EPSS Score: %0.17
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2015-5023
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : curam_social_program_management- EPSS Score: %0.13
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-5017
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset M... Read more
Affected Products : maximo_asset_management maximo_for_life_sciences maximo_for_nuclear_power maximo_for_oil_and_gas maximo_for_transportation maximo_for_utilities smartcloud_control_desk change_and_configuration_management_database maximo_asset_management_essentials maximo_for_government +3 more products- EPSS Score: %0.10
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
8.5
HIGHCVE-2015-5003
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.... Read more
Affected Products : tivoli_monitoring- EPSS Score: %1.32
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2015-4962
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before ... Read more
- EPSS Score: %0.07
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
3.3
LOWCVE-2015-4946
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x bef... Read more
- EPSS Score: %0.05
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, w... Read more
- EPSS Score: %2.47
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-2007
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.... Read more
Affected Products : qradar_security_information_and_event_manager- EPSS Score: %0.17
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.6
MEDIUMCVE-2015-1985
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.... Read more
Affected Products : mq_appliance_m2000- EPSS Score: %0.04
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1971
Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0... Read more
- EPSS Score: %0.25
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP ... Read more
Affected Products : node.js- EPSS Score: %1.50
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-7452
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive informatio... Read more
- EPSS Score: %0.16
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransf... Read more
- Actively Exploited
- EPSS Score: %93.83
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
4.7
MEDIUMCVE-2015-7438
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access.... Read more
Affected Products : sterling_b2b_integrator- EPSS Score: %0.04
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-7437
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.... Read more
Affected Products : sterling_b2b_integrator- EPSS Score: %0.04
- Published: Jan. 02, 2016
- Modified: Apr. 12, 2025