| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement. |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. |
| The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. |
| The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
| The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. |
| Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. |
| Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. |
| The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. |
| WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. |
| Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. |
| Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors. |
| SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. |
| Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links. |
| Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |