
CVE-2018-1502
https://notcve.org/view.php?id=CVE-2018-1502
01 May 2018 — IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338. • http://www-01.ibm.com/support/docview.wss?uid=swg22014917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-8922
https://notcve.org/view.php?id=CVE-2016-8922
01 Feb 2017 — Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • http://www.ibm.com/support/docview.wss?uid=swg21993561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
21 May 2015 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. • https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads • CWE-310: Cryptographic Issues • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2013-6329
https://notcve.org/view.php?id=CVE-2013-6329
17 Dec 2013 — IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session. • http://secunia.com/advisories/56058 • CWE-310: Cryptographic Issues