Total
2820 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-0319 | 1 Ibm | 1 Jazz Reporting Service | 2024-08-05 | N/A |
The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
CVE-2016-0320 | 1 Ibm | 1 Urbancode Deploy | 2024-08-05 | N/A |
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes. | ||||
CVE-2016-0317 | 1 Ibm | 1 Jazz Reporting Service | 2024-08-05 | N/A |
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
CVE-2016-0318 | 1 Ibm | 1 Jazz Reporting Service | 2024-08-05 | N/A |
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. | ||||
CVE-2016-0278 | 1 Ibm | 1 Domino | 2024-08-05 | N/A |
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301. | ||||
CVE-2016-0304 | 1 Ibm | 1 Domino | 2024-08-05 | N/A |
The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920. | ||||
CVE-2016-0225 | 1 Ibm | 1 Websphere Commerce | 2024-08-05 | N/A |
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | ||||
CVE-2016-0315 | 1 Ibm | 1 Jazz Reporting Service | 2024-08-05 | N/A |
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation. | ||||
CVE-2016-0241 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-08-05 | N/A |
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP. | ||||
CVE-2016-0289 | 1 Ibm | 1 Maximo Asset Management | 2024-08-05 | N/A |
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | ||||
CVE-2016-0279 | 1 Ibm | 1 Domino | 2024-08-05 | N/A |
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301. | ||||
CVE-2016-0308 | 1 Ibm | 1 Connections | 2024-08-05 | N/A |
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. | ||||
CVE-2016-0226 | 2 Ibm, Microsoft | 2 Informix Dynamic Server, Windows | 2024-08-05 | N/A |
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. | ||||
CVE-2016-0188 | 1 Microsoft | 1 Internet Explorer | 2024-08-05 | N/A |
The User Mode Code Integrity (UMCI) implementation in Device Guard in Microsoft Internet Explorer 11 allows remote attackers to bypass a code-signing protection mechanism via unspecified vectors, aka "Internet Explorer Security Feature Bypass." | ||||
CVE-2016-0214 | 1 Ibm | 1 Bigfix Platform | 2024-08-05 | N/A |
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. | ||||
CVE-2016-0208 | 1 Ibm | 1 Websphere Commerce | 2024-08-05 | N/A |
IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | ||||
CVE-2016-0222 | 1 Ibm | 8 Maximo Asset Management, Maximo For Government, Maximo For Life Sciences and 5 more | 2024-08-05 | N/A |
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. | ||||
CVE-2016-0153 | 1 Microsoft | 6 Windows 7, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-08-05 | N/A |
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability." | ||||
CVE-2016-0179 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2024-08-05 | N/A |
Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability." | ||||
CVE-2016-0142 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8.1 and 2 more | 2024-08-05 | N/A |
Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability." |