Unknown · CVSS Not scored
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow.
Published Aug 16, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755.
Published Aug 14, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
Published Aug 9, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
Published Aug 7, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.
Published Aug 30, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
Published Aug 14, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.
Published Aug 16, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
Published Aug 31, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
Published Aug 10, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value.
Published Aug 16, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough.
Published Aug 16, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
Published Aug 31, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936.
Published Aug 29, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847.
Published Aug 29, 2017 · Updated Sep 16, 2024
Low · CVSS 3.1
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.
Published Aug 30, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file.
Published Aug 18, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
Published Aug 28, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.
Published Aug 30, 2017 · Updated Sep 16, 2024
Medium · CVSS 4
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.
Published Aug 30, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
Published Aug 9, 2017 · Updated Sep 16, 2024
Medium · CVSS 4
A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155.
Published Aug 28, 2023 · Updated Aug 6, 2024
Unknown · CVSS Not scored
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.
Published Aug 16, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.
Published Aug 22, 2019 · Updated Aug 6, 2024