Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-22 | CVE-2017-3821 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1): A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. | 4.3 |
2017-02-22 | CVE-2017-2684 | Authentication Bypass vulnerability in Siemens Simatic Logon 1.5: Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. | 6.8 |
2017-02-21 | CVE-2016-9053 | Improper Validation of Array Index vulnerability in Aerospike Database Server 3.10.0.3: An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. | 9.8 |
2017-02-21 | CVE-2016-9051 | Out-of-bounds Write vulnerability in Aerospike Database Server 3.10.0.3: An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. | 9.8 |
2017-02-21 | CVE-2016-9049 | NULL Pointer Dereference vulnerability in Aerospike Database Server 3.10.0.3: An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. | 7.5 |
2017-02-21 | CVE-2017-6127 | Cross-Site Request Forgery (CSRF) vulnerability in Digisol Dg-Hr1400 Firmware 1.00.02: Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. | 6.8 |
2017-02-21 | CVE-2015-4057 | Information Exposure vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4: The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | 5.0 |
2017-02-21 | CVE-2015-4056 | Cryptographic Issues vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4: The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access. | 2.1 |
2017-02-21 | CVE-2017-6098 | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 6.5 |
2017-02-21 | CVE-2017-6097 | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 6.5 |