Author: Cyberthreat Blog

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user’s session. IBM X-Force ID: 123230.

IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user’s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to...

Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.