Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-03 CVE-2016-9798 Use After Free vulnerability in BlueZ 5.42
In BlueZ 5.42, a use-after-free was identified in the "conf_opt" function in the "tools/parser/l2cap.c" source file.
Vector: network, low complexity | Vendor: bluez | CWE-416 | Risk: 5.3
2016-12-03 CVE-2016-9797 Out-of-bounds Read vulnerability in BlueZ 5.42
In BlueZ 5.42, a buffer over-read was observed in the "l2cap_dump" function in the "tools/parser/l2cap.c" source file.
Vector: network, low complexity | Vendor: bluez | CWE-125 | Risk: 5.3
2016-12-01 CVE-2016-9751 Cross-site Scripting vulnerability in Piwigo 2.8.3
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Vector: network, low complexity | Vendor: piwigo | CWE-79 | Risk: 6.1
2016-12-01 CVE-2016-3047 Open Redirect vulnerability in IBM FileNet Workplace 4.0.2
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Vector: network, low complexity | Vendor: ibm | CWE-601 | Risk: 6.8
2016-12-01 CVE-2016-3044 Improper Access Control vulnerability in IBM PowerKVM
The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors.
Vector: local, low complexity | Vendor: ibm | CWE-284 | Risk: 6.5
2016-12-01 CVE-2016-2994 Cross-site Scripting vulnerability in IBM UrbanCode Deploy
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Vector: network, low complexity | Vendor: ibm | CWE-79 | Risk: 5.4
2016-12-01 CVE-2016-2991 Cross-site Scripting vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Vector: network, low complexity | Vendor: ibm | CWE-79 | Risk: 5.4
2016-12-01 CVE-2016-2955 Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Vector: network, low complexity | Vendor: ibm | CWE-79 | Risk: 5.4
2016-11-30 CVE-2016-2881 7PK - Security Features vulnerability in IBM QRadar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.
Vector: network, low complexity | Vendor: ibm | CWE-254 | Risk: 6.5
2016-11-30 CVE-2016-2869 Cross-site Scripting vulnerability in IBM QRadar Security Information and Event Manager
Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL.
Vector: network, low complexity | Vendor: ibm | CWE-79 | Risk: 5.4