Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-02 | CVE-2016-5105 | Use of Uninitialized Resource vulnerability in multiple products The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. | 4.4 |
| 2016-09-02 | CVE-2016-4952 | Out-of-bounds Write vulnerability in multiple products QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. | 6.0 |
| 2016-09-02 | CVE-2016-0772 | Protection Mechanism Failure vulnerability in Python The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | 6.5 |
| 2016-09-02 | CVE-2016-6483 | Server-Side Request Forgery (SSRF) vulnerability in Vbulletin The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. | 8.6 |
| 2016-09-02 | CVE-2016-4853 | OS Command Injection vulnerability in Akabei Soft2 Happy Wardrobe AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe. | 7.8 |
| 2016-09-02 | CVE-2016-4851 | Cross-site Scripting vulnerability in Let'S PHP! Simple Chat Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-09-02 | CVE-2016-4848 | Cross-site Scripting vulnerability in Clip-Bucket Clipbucket Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-09-02 | CVE-2016-6376 | Resource Management Errors vulnerability in Cisco products The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263. | 6.5 |
| 2016-09-02 | CVE-2016-1473 | Information Exposure vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216. | 9.8 |
| 2016-09-02 | CVE-2016-1472 | Improper Input Validation vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238. | 7.5 |