Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-17 | CVE-2017-7892 | Improper Input Validation vulnerability in Capnproto: Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. | 7.5 |
2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
2017-04-17 | CVE-2017-1161 | Improper Input Validation vulnerability in IBM API Connect 5.0.6.0: IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. | 7.3 |
2017-04-17 | CVE-2017-1160 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager: IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. | 5.4 |
2017-04-17 | CVE-2016-3038 | Cross-site Scripting vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2: IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. | 5.4 |
2017-04-17 | CVE-2016-3037 | Information Exposure vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2: IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. | 5.7 |
2017-04-17 | CVE-2016-3036 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2: IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. | 7.5 |
2017-04-17 | CVE-2016-0228 | Open Redirect vulnerability in IBM Marketing Platform 10.0: IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. | 5.4 |
2017-04-17 | CVE-2017-5659 | Improper Input Validation vulnerability in Apache Traffic Server: Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | 7.5 |
2017-04-17 | CVE-2016-5396 | Resource Management Errors vulnerability in Apache Traffic Server: Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | 7.5 |