Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-05 | CVE-2016-6550 | Cryptographic Issues vulnerability in Bb&T the U 1.5.4 The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2016-10-05 | CVE-2016-0913 | Improper Input Validation vulnerability in EMC products The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. | 9.8 |
| 2016-10-03 | CVE-2016-8280 | Path Traversal vulnerability in Huawei Esight V300R002C00/V300R003C10/V300R003C20 Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. | 6.5 |
| 2016-10-03 | CVE-2016-8278 | Improper Input Validation vulnerability in Huawei Usg9520, Usg9560 and Usg9580 Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | 7.5 |
| 2016-10-03 | CVE-2016-8277 | Improper Input Validation vulnerability in Huawei Usg9520, Usg9560 and Usg9580 Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. | 6.5 |
| 2016-10-03 | CVE-2016-8276 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication. | 9.8 |
| 2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 7.5 |
| 2016-10-03 | CVE-2016-7046 | Resource Management Errors vulnerability in Redhat Jboss Enterprise Application Platform 7.0 Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. | 5.9 |
| 2016-10-03 | CVE-2016-6905 | Out-of-bounds Read vulnerability in multiple products The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | 6.5 |
| 2016-10-03 | CVE-2015-8086 | Inadequate Encryption Strength vulnerability in Huawei products Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | 4.9 |