Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-12 | CVE-2016-6399 | Improper Input Validation vulnerability in Cisco products Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317. | 7.5 |
| 2016-09-12 | CVE-2016-6398 | Information Exposure vulnerability in Cisco IOS 15.5(3)M The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274. | 5.3 |
| 2016-09-12 | CVE-2016-6396 | Improper Input Validation vulnerability in Cisco Firesight System Software Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482. | 5.3 |
| 2016-09-12 | CVE-2016-6395 | Cross-site Scripting vulnerability in Cisco Firesight System Software Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. | 5.4 |
| 2016-09-12 | CVE-2016-6394 | Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. | 9.1 |
| 2016-09-12 | CVE-2016-6371 | Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. | 7.5 |
| 2016-09-12 | CVE-2016-6370 | Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255. | 4.3 |
| 2016-09-12 | CVE-2016-5954 | Improper Access Control vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | 6.5 |
| 2016-09-12 | CVE-2016-5927 | Information Exposure vulnerability in IBM Tivoli Storage Manager for Space Management IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output. | 5.5 |
| 2016-09-12 | CVE-2016-4852 | Improper Input Validation vulnerability in Aki-Null Yorufukurou YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence. | 6.5 |