Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2017-3818 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 9.7.1066
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass.
network
low complexity
cisco CWE-20
5.8
2017-02-03 CVE-2017-3814 Improper Input Validation vulnerability in Cisco Secure Firewall Management Center
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass.
network
low complexity
cisco CWE-20
5.8
2017-02-03 CVE-2017-3812 Missing Release of Resource after Effective Lifetime vulnerability in Cisco Industrial Ethernet 2000 Series Firmware 15.2(5.4.32I)E2
A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak.
network
high complexity
cisco CWE-772
6.8
2017-02-03 CVE-2017-3810 Open Redirect vulnerability in Cisco Prime Service Catalog 10.0(R2)Base
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system.
network
low complexity
cisco CWE-601
5.4
2017-02-03 CVE-2017-3809 Improper Input Validation vulnerability in Cisco Secure Firewall Management Center 6.1.0/6.2.0
A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base.
network
low complexity
cisco CWE-20
5.8
2017-02-03 CVE-2017-3806 OS Command Injection vulnerability in Cisco Firepower Threat Defense
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device.
local
low complexity
cisco CWE-78
5.3
2017-02-03 CVE-2017-2768 Improper Authentication vulnerability in EMC Smarts Network Configuration Manager
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-287
critical
9.8
2017-02-03 CVE-2017-2767 Improper Authentication vulnerability in EMC Smarts Network Configuration Manager
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-287
critical
9.8
2017-02-03 CVE-2017-2766 Weak Password Recovery Mechanism for Forgotten Password vulnerability in EMC Documentum Eroom 7.4.4/7.4.5/7.5.0
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-640
critical
9.8
2017-02-03 CVE-2016-9873 Command Injection vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-77
6.3