Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-05 | CVE-2016-8740 | Resource Management Errors vulnerability in Apache Http Server The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | 7.5 |
| 2016-12-05 | CVE-2016-9156 | Improper Access Control vulnerability in Siemens Sicam Pas/Pqs A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | 7.3 |
| 2016-12-02 | CVE-2016-9638 | Permissions, Privileges, and Access Controls vulnerability in BMC Patrol 9.13.10.01 In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. | 7.8 |
| 2016-12-02 | CVE-2016-9479 | Credentials Management vulnerability in B2Evolution The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | 7.5 |
| 2016-12-01 | CVE-2016-9752 | Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | 8.6 |
| 2016-12-01 | CVE-2016-3055 | XXE vulnerability in IBM Filenet Workplace 4.0.2 IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.1 |
| 2016-12-01 | CVE-2016-3033 | XXE vulnerability in IBM Appscan Source IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.1 |
| 2016-12-01 | CVE-2016-3012 | Information Exposure vulnerability in IBM API Connect and Network Path Manager IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | 7.5 |
| 2016-12-01 | CVE-2016-2946 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Monitoring Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-11-30 | CVE-2016-2917 | Permissions, Privileges, and Access Controls vulnerability in IBM Tririga Application Platform 10.4/10.5 The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors. | 8.8 |