CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2017-1110 – Ubuntu Security Notice USN-4309-1
https://notcve.org/view.php?id=CVE-2017-1110
28 Aug 2017 — IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915. IBM Curam Social Program Management 6.0, 6.1, 6.2 y 7.0 contiene una vulnerabilidad no especificada que podría permitir que un usuario autenticado visualice los incidentes de un usuario con más privilegios. IBM X-Force ID: 120915. It was discovered that Vim incorrectly handled certain sources. • http://www.ibm.com/support/docview.wss?uid=swg22007161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 45EXPL: 0CVE-2017-1106
https://notcve.org/view.php?id=CVE-2017-1106
28 Jun 2017 — IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744. IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la in... • http://www.ibm.com/support/docview.wss?uid=swg22004580 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 33EXPL: 0CVE-2016-9979
https://notcve.org/view.php?id=CVE-2016-9979
20 Apr 2017 — IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a XSS. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la ... • http://www.ibm.com/support/docview.wss?uid=swg22001780 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2016-9978
https://notcve.org/view.php?id=CVE-2016-9978
20 Apr 2017 — IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. IBM Curam Social Program Management 5.2, 6.0 y 7.0 podría permitir a un atacante autenticado revelar información confidencial. IBM X-Force ID: 120254. • http://www.ibm.com/support/docview.wss?uid=swg22001782 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2016-8923
https://notcve.org/view.php?id=CVE-2016-8923
20 Apr 2017 — IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. IBM Curam Social Program Management 5.2, 6.0 y 7.0 contienen una vulnerabilidad que podría permitir a usuarios autorizados obtener información sensible del perfil de un usuario más privilegiado al que no debería tener acceso. IBM X-Force ID: 118536. • http://www.ibm.com/support/docview.wss?uid=swg22001774 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2016-9980
https://notcve.org/view.php?id=CVE-2016-9980
20 Apr 2017 — IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a XSS. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la ... • http://www.ibm.com/support/docview.wss?uid=swg22001779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 39EXPL: 0CVE-2016-6111
https://notcve.org/view.php?id=CVE-2016-6111
31 Mar 2017 — IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. IBM Curam Social Program Management 6.0 y 7.0 son vulnerables a una denegación de servicio, causada por un error de XML Entity Injection XXE al procesar datos XML. Un atacante remoto po... • http://www.ibm.com/support/docview.wss?uid=swg22000833 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-5023
https://notcve.org/view.php?id=CVE-2015-5023
03 Jan 2016 — SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Curam Social Program Management 6.1 en versiones anteriores a 6.1.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21967851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7402
https://notcve.org/view.php?id=CVE-2015-7402
02 Jan 2016 — Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Curam Social Program Management 6.1 en versiones anteriores a 6.1.1.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21970661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •