Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-12 CVE-2016-3149 Unspecified vulnerability in Barco products
Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
barco
critical
9.8
2017-01-12 CVE-2016-10027 Race Condition vulnerability in multiple products
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
network
high complexity
igniterealtime fedoraproject CWE-362
5.9
2017-01-12 CVE-2015-6501 Open Redirect vulnerability in Puppet Enterprise
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
network
low complexity
puppet CWE-601
6.1
2017-01-12 CVE-2016-8606 Improper Access Control vulnerability in multiple products
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
network
low complexity
gnu fedoraproject CWE-284
critical
9.8
2017-01-12 CVE-2016-8605 Permission Issues vulnerability in multiple products
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero.
network
low complexity
fedoraproject gnu CWE-275
5.3
2017-01-12 CVE-2016-8221 Permissions, Privileges, and Access Controls vulnerability in Lenovo Xclarity Administrator
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.
local
high complexity
lenovo CWE-264
7.0
2017-01-12 CVE-2016-7791 Improper Input Validation vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php.
network
low complexity
exponentcms CWE-20
critical
9.8
2017-01-12 CVE-2016-7790 Improper Input Validation vulnerability in Exponentcms Exponent CMS 2.3.9
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php.
network
low complexity
exponentcms CWE-20
critical
9.8
2017-01-12 CVE-2017-0404 Unspecified vulnerability in Linux Kernel 3.10/3.18
An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux
7.0
2017-01-12 CVE-2017-0403 Unspecified vulnerability in Linux Kernel 3.10/3.18
An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.
local
high complexity
linux
7.0