LiveActive security incident?Get immediate response
CVE archive

August 2016

Browse CVE records published in August 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 665 matching CVEs · Page 2 of 14.

Unknown · CVSS Not scored

CVE-2016-6021: IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting.

IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755.

Published Aug 14, 2017 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-6121: IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting.

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.

Published Aug 9, 2017 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-5001: This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the...

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

Published Aug 30, 2017 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-4975: mod_userdir CRLF injection

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

Published Aug 14, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-2967: IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting.

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848.

Published Aug 29, 2017 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-6800: The default configuration of the Apache OFBiz framework offers a blog functionality.

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.

Published Aug 30, 2017 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-8949: IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phish...

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.

Published Aug 9, 2017 · Updated Sep 16, 2024

Medium · CVSS 4

CVE-2016-15035: Doc2k RE-Chat re_chat.js cross site scripting

A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155.

Published Aug 28, 2023 · Updated Aug 6, 2024