Vulnerabilities

DATE  CVE  VULNERABILITY TITLE
  (each entry is followed by its description, then attack vector, attack complexity, vendor, CWE and risk)
2016-09-25  CVE-2016-4658  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
  xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
  Attack vector: network; attack complexity: low; vendors: apple, xmlsoft; CWE-119; risk: critical (9.8)
2016-09-25  CVE-2016-4618  Cross-site Scripting vulnerability in Apple Iphone OS and Safari
  Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
  Attack vector: network; attack complexity: low; vendor: apple; CWE-79; risk: 6.1
2016-09-25  CVE-2016-4611  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Tvos
  WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
  Attack vector: network; attack complexity: low; vendor: apple; CWE-119; risk: 8.8
2016-09-24  CVE-2016-6532  Use of Hard-coded Credentials vulnerability in Dexis Imaging Suite 10.0
  DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.
  Attack vector: network; attack complexity: low; vendor: dexis; CWE-798; risk: critical (9.8)
2016-09-24  CVE-2016-6531  Credentials Management vulnerability in Opendental
  Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306.
  Attack vector: network; attack complexity: low; vendor: opendental; CWE-255; risk: critical (9.8)
2016-09-24  CVE-2016-5793  Unquoted Search Path or Element vulnerability in Moxa Active OPC Server 2.4.18
  Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.
  Attack vector: local; attack complexity: low; vendor: moxa; CWE-428; risk: 8.8
2016-09-24  CVE-2016-4845  Cross-Site Request Forgery (CSRF) vulnerability in Iodata products
  Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
  Attack vector: network; attack complexity: low; vendor: iodata; CWE-352; risk: 8.8
2016-09-24  CVE-2016-0918  Information Exposure vulnerability in EMC products
  EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.
  Attack vector: network; attack complexity: low; vendor: emc; CWE-200; risk: 4.3
2016-09-24  CVE-2016-6413  Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller 1.3(2F)
  The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.
  Attack vector: local; attack complexity: low; vendor: cisco; CWE-264; risk: 7.8
2016-09-24  CVE-2016-6412  Improper Input Validation vulnerability in Cisco IOS 15.6(1)T1
  The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.
  Attack vector: network; attack complexity: low; vendor: cisco; CWE-20; risk: 6.5