Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-01-06 | CVE-2015-2867 | Use of Hard-coded Credentials vulnerability in Trane ComfortLink II Firmware 2.0.2 | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | 9.8 |
2017-01-05 | CVE-2017-5179 | Cross-site Scripting vulnerability in Tenable Nessus | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2017-01-05 | CVE-2016-8006 | Permissions, Privileges, and Access Controls vulnerability in McAfee Security Information and Event Management 9.6.0 | Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands. | 4.4 |
2017-01-05 | CVE-2016-6892 | Use After Free vulnerability in MatrixSSL | The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. | 7.5 |
2017-01-05 | CVE-2016-6891 | Out-of-bounds Read vulnerability in MatrixSSL | MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. | 7.5 |
2017-01-05 | CVE-2016-6890 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in MatrixSSL | Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate. | 9.8 |
2017-01-05 | CVE-2015-3441 | Command Injection vulnerability in Genexis DRGOS 1.14 | The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter. | 8.8 |
2017-01-05 | CVE-2016-9754 | Integer Overflow or Wraparound vulnerability in Linux Kernel | The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. | 7.8 |
2017-01-05 | CVE-2016-10030 | Improper Access Control vulnerability in SchedMD Slurm | The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. | 8.1 |
2017-01-05 | CVE-2016-7169 | Path Traversal vulnerability in WordPress | Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. | 6.3 |