Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-0296 Information Exposure Through Log Files vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
local
low complexity
ibm CWE-532
3.3
2017-02-01 CVE-2016-0265 Cross-site Scripting vulnerability in IBM Campaign
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2017-3792 Improper Input Validation vulnerability in Cisco Telepresence MCU Software
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
critical
9.8
2017-02-01 CVE-2017-3791 Improper Authentication vulnerability in Cisco Prime Home
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges.
network
low complexity
cisco CWE-287
critical
10.0
2017-02-01 CVE-2017-3790 Improper Input Validation vulnerability in Cisco products
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
2017-02-01 CVE-2016-9225 Resource Management Errors vulnerability in Cisco ASA CX Context-Aware Security Software
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-399
8.6
2017-02-01 CVE-2016-10079 Improper Input Validation vulnerability in SAP Saplpd 7400.3.11.33
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
network
low complexity
sap CWE-20
7.5
2017-02-01 CVE-2016-8491 Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
network
low complexity
fortinet CWE-798
critical
9.1
2017-02-01 CVE-2016-9963 Key Management Errors vulnerability in multiple products
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
network
high complexity
exim canonical debian CWE-320
5.9
2017-02-01 CVE-2016-4038 Improper Input Validation vulnerability in Samsung Mobile 4.4/5.0/5.1
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value.
local
low complexity
samsung CWE-20
7.8