Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-03-31 | CVE-2016-8917 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation | IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low | ibm | CWE-352 | 8.8 |
| 2017-03-31 | CVE-2016-6111 | XXE vulnerability in IBM Curam Social Program Management | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | network | low | ibm | CWE-611 | critical 9.1 |
| 2017-03-31 | CVE-2016-6036 | Cross-site Scripting vulnerability in IBM Rational Quality Manager | IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2017-03-31 | CVE-2016-6031 | Cross-site Scripting vulnerability in IBM Rational Quality Manager | IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2017-03-31 | CVE-2016-6022 | Cross-site Scripting vulnerability in IBM Rational Quality Manager | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2017-03-31 | CVE-2017-3010 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. | network | low | adobe | CWE-119 | critical 9.8 |
| 2017-03-31 | CVE-2017-3009 | Out-of-bounds Read vulnerability in Adobe products | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. | network | low | adobe | CWE-125 | 7.5 |
| 2017-03-31 | CVE-2016-6209 | Cross-site Scripting vulnerability in Nagios | Cross-site scripting (XSS) vulnerability in Nagios. | network | low | nagios | CWE-79 | 6.1 |
| 2017-03-31 | CVE-2015-4624 | Improper Access Control vulnerability in Hak5 Wi-Fi Pineapple Firmware | Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | | high | hak5 | CWE-284 | 7.5 |
| 2017-03-31 | CVE-2014-9114 | Command Injection vulnerability in multiple products | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | local | low | opensuse fedoraproject kernel | CWE-77 | 7.8 |