Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-05-10 CVE-2016-9250 Permissions, Privileges, and Access Controls vulnerability in F5 products
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
network
low complexity
f5 CWE-264
7.5
2017-05-10 CVE-2016-6037 Cross-site Scripting vulnerability in IBM Rational Quality Manager and Rational Team Concert
IBM Rational Team Concert (RTC) is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
4.8
2017-05-10 CVE-2016-6035 Cross-site Scripting vulnerability in IBM Rational Quality Manager and Rational Team Concert
IBM Rational Quality Manager is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-05-10 CVE-2016-5889 Cross-Site Request Forgery (CSRF) vulnerability in IBM Interact
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-05-10 CVE-2016-5888 Cross-site Scripting vulnerability in IBM Interact
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-05-10 CVE-2016-3032 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-05-10 CVE-2017-8878 Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.
network
low complexity
asus CWE-200
6.5
2017-05-10 CVE-2017-8877 Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.
network
low complexity
asus CWE-200
6.5
2017-05-10 CVE-2017-8876 Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.11
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
network
low complexity
getsymphony CWE-79
6.1
2017-05-10 CVE-2017-8875 Cross-Site Request Forgery (CSRF) vulnerability in Codection Clean Login 1.7.12
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.
network
low complexity
codection CWE-352
6.5