Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2017-3812 Missing Release of Resource after Effective Lifetime vulnerability in Cisco Industrial Ethernet 2000 Series Firmware 15.2(5.4.32I)E2
A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak.
network
high complexity
cisco CWE-772
6.8
2017-02-03 CVE-2017-3810 Open Redirect vulnerability in Cisco Prime Service Catalog 10.0(R2)Base
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system.
network
low complexity
cisco CWE-601
5.4
2017-02-03 CVE-2017-3809 Improper Input Validation vulnerability in Cisco Secure Firewall Management Center 6.1.0/6.2.0
A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base.
network
low complexity
cisco CWE-20
5.8
2017-02-03 CVE-2017-3806 OS Command Injection vulnerability in Cisco Firepower Threat Defense
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device.
local
low complexity
cisco CWE-78
5.3
2017-02-03 CVE-2017-2768 Improper Authentication vulnerability in EMC Smarts Network Configuration Manager
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-287
critical
9.8
2017-02-03 CVE-2017-2767 Improper Authentication vulnerability in EMC Smarts Network Configuration Manager
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-287
critical
9.8
2017-02-03 CVE-2017-2766 Weak Password Recovery Mechanism for Forgotten Password vulnerability in EMC Documentum Eroom 7.4.4/7.4.5/7.5.0
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-640
critical
9.8
2017-02-03 CVE-2016-9873 Command Injection vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-77
6.3
2017-02-03 CVE-2016-9872 Cross-site Scripting vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
2017-02-03 CVE-2016-9871 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
network
low complexity
emc CWE-264
7.2