Latest CVE Feed
-
5.5
MEDIUMCVE-2015-8715
epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.... Read more
Affected Products : wireshark- EPSS Score: %0.08
- Published: Jan. 04, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-8714
The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via... Read more
Affected Products : wireshark- EPSS Score: %0.08
- Published: Jan. 04, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-8713
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application c... Read more
Affected Products : wireshark- EPSS Score: %0.08
- Published: Jan. 04, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-8712
The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) vi... Read more
Affected Products : wireshark- EPSS Score: %0.08
- Published: Jan. 04, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-8711
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) v... Read more
Affected Products : wireshark- EPSS Score: %0.09
- Published: Jan. 04, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-3182
epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.... Read more
Affected Products : wireshark- EPSS Score: %0.09
- Published: Jan. 04, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that ... Read more
Affected Products : bugzilla- EPSS Score: %0.18
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
4.7
MEDIUMCVE-2015-8508
Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arb... Read more
Affected Products : bugzilla- EPSS Score: %0.31
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-5051
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access rest... Read more
- EPSS Score: %0.14
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-5038
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) v... Read more
Affected Products : connections- EPSS Score: %0.89
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-5037
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS se... Read more
Affected Products : connections- EPSS Score: %0.04
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2015-5036
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability th... Read more
Affected Products : connections- EPSS Score: %0.17
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.4
MEDIUMCVE-2015-5035
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability th... Read more
Affected Products : connections- EPSS Score: %0.17
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2015-5023
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : curam_social_program_management- EPSS Score: %0.13
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-5017
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset M... Read more
Affected Products : maximo_asset_management maximo_for_life_sciences maximo_for_nuclear_power maximo_for_oil_and_gas maximo_for_transportation maximo_for_utilities smartcloud_control_desk change_and_configuration_management_database maximo_asset_management_essentials maximo_for_government +3 more products- EPSS Score: %0.10
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
8.5
HIGHCVE-2015-5003
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.... Read more
Affected Products : tivoli_monitoring- EPSS Score: %1.32
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2015-4962
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before ... Read more
- EPSS Score: %0.07
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
3.3
LOWCVE-2015-4946
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x bef... Read more
- EPSS Score: %0.05
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-1283
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, w... Read more
- EPSS Score: %2.47
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-2007
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.... Read more
Affected Products : qradar_security_information_and_event_manager- EPSS Score: %0.17
- Published: Jan. 03, 2016
- Modified: Apr. 12, 2025