Vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2016-08-19 | CVE-2016-3089 | Cross-site Scripting vulnerability in Apache OpenMeetings | Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. | network | low | apache | CWE-79 | 6.1 |
| 2016-08-19 | CVE-2016-0760 | Improper Access Control vulnerability in Apache Sentry 1.5.1/1.6.0 | Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions. | network | low | apache | CWE-284 | 8.8 |
| 2016-08-19 | CVE-2015-8949 | Use After Free vulnerability in multiple products | Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. | network | low | debian, dbd-mysql-project | CWE-416 | critical 9.8 |
| 2016-08-19 | CVE-2015-8022 | Permissions, Privileges, and Access Controls vulnerability in F5 products | The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads. | network | high | f5 | CWE-264 | 7.5 |
| 2016-08-19 | CVE-2014-9906 | Use After Free vulnerability in multiple products | Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection. | network | low | debian, dbd-mysql-project | CWE-416 | critical 9.8 |
| 2016-08-18 | CVE-2016-4654 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPhone OS 9.3.3 | IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | local | low | apple | CWE-119 | 7.8 |
| 2016-08-18 | CVE-2016-1458 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Firewall Management Center | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. | network | low | cisco | CWE-264 | 8.8 |
| 2016-08-18 | CVE-2016-1457 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Firewall Management Center | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. | network | low | cisco | CWE-264 | 8.8 |
| 2016-08-18 | CVE-2016-1365 | Improper Input Validation vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10 | The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. | network | low | cisco | CWE-20 | 8.8 |
| 2016-08-18 | CVE-2016-6367 | Command Injection vulnerability in Cisco Adaptive Security Appliance Software | Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. | local | low | cisco | CWE-77 | 7.8 |