Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-22 | CVE-2016-8986 | Improper Access Control vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. | 6.5 |
| 2017-02-22 | CVE-2016-8915 | Improper Access Control vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. | 6.5 |
| 2017-02-22 | CVE-2016-3052 | Information Exposure vulnerability in IBM Websphere MQ Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. | 5.9 |
| 2017-02-22 | CVE-2016-3013 | Data Processing Errors vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. | 6.5 |
| 2017-02-22 | CVE-2017-5586 | Improper Input Validation vulnerability in Opentext Documentum D2 OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. | 9.8 |
| 2017-02-22 | CVE-2017-5585 | Injection vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. | 8.8 |
| 2017-02-22 | CVE-2016-9956 | Improper Access Control vulnerability in multiple products The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | 7.5 |
| 2017-02-22 | CVE-2016-9910 | Cross-site Scripting vulnerability in Html5Lib 0.99999999 The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. | 6.1 |
| 2017-02-22 | CVE-2016-9909 | Cross-site Scripting vulnerability in Html5Lib 0.99999999 The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. | 6.1 |
| 2017-02-22 | CVE-2016-9400 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. | 9.8 |