Total
1752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0731 | 1 Apache | 1 Ambari | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | |||||
| CVE-2016-0611 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2024-11-21 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||||
| CVE-2016-0392 | 1 Ibm | 2 Elastic Storage Server, General Parallel File System Storage Server | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. | |||||
| CVE-2016-0391 | 1 Ibm | 2 Bluemix, Watson Developer Cloud | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | |||||
| CVE-2016-0357 | 1 Ibm | 1 Security Identity Manager Adapter | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-0349 | 1 Ibm | 1 Business Process Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. | |||||
| CVE-2016-0342 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783. | |||||
| CVE-2016-0340 | 1 Ibm | 1 Security Identity Manager Adapter | 2024-11-21 | 4.4 MEDIUM | 7.4 HIGH |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||||
| CVE-2016-0339 | 1 Ibm | 1 Security Identity Manager Adapter | 2024-11-21 | 4.3 MEDIUM | 5.6 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." | |||||
| CVE-2016-0323 | 1 Ibm | 1 Bluemix | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors. | |||||
| CVE-2016-0320 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes. | |||||
| CVE-2016-0319 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-0318 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 6.0 MEDIUM | 5.0 MEDIUM |
| Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2016-0317 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2016-0315 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation. | |||||
| CVE-2016-0308 | 1 Ibm | 1 Connections | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. | |||||
| CVE-2016-0304 | 1 Ibm | 1 Domino | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920. | |||||
| CVE-2016-0289 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | |||||
| CVE-2016-0279 | 1 Ibm | 1 Domino | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301. | |||||
| CVE-2016-0278 | 1 Ibm | 1 Domino | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301. | |||||