Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-2939 | Cross-site Scripting vulnerability in IBM Domino and Inotes IBM iNotes is vulnerable to cross-site scripting. | 4.3 |
| 2017-02-01 | CVE-2016-2938 | Cross-site Scripting vulnerability in IBM Domino and Inotes IBM iNotes is vulnerable to cross-site scripting. | 4.3 |
| 2017-02-01 | CVE-2016-2908 | XXE vulnerability in IBM products IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. | 6.4 |
| 2017-02-01 | CVE-2016-0396 | Command Injection vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | 6.8 |
| 2017-02-01 | CVE-2016-0297 | Information Exposure vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. | 4.3 |
| 2017-01-18 | CVE-2016-10086 | Permissions, Privileges, and Access Controls vulnerability in CA Service Desk Management and Service Desk Manager RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | 5.5 |
| 2017-01-06 | CVE-2016-9879 | Channel and Path Errors vulnerability in multiple products An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. | 5.0 |
| 2016-12-13 | CVE-2015-5073 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. | 6.4 |
| 2016-12-13 | CVE-2015-3217 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. | 5.0 |
| 2016-12-01 | CVE-2016-3055 | XXE vulnerability in IBM Filenet Workplace 4.0.2 IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.5 |