Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2017-0888 Improper Input Validation vulnerability in Nextcloud
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app.
network
low complexity
nextcloud CWE-20
4.3
2017-04-05 CVE-2017-0887 Improper Input Validation vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation.
network
low complexity
nextcloud CWE-20
4.3
2017-04-05 CVE-2017-0886 Uncontrolled Recursion vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack.
network
low complexity
nextcloud CWE-674
6.5
2017-04-05 CVE-2017-0885 Information Exposure vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share.
network
low complexity
nextcloud CWE-200
4.3
2017-04-05 CVE-2017-0884 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue.
network
low complexity
nextcloud CWE-732
4.3
2017-04-05 CVE-2017-0883 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue.
network
low complexity
nextcloud CWE-732
6.4
2017-04-05 CVE-2017-1180 Unspecified vulnerability in IBM Tririga Application Platform
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to.
network
high complexity
ibm
5.3
2017-04-05 CVE-2016-6100 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-04-05 CVE-2016-3031 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-05 CVE-2016-3015 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4