Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-18 | CVE-2016-6405 | Improper Input Validation vulnerability in Cisco FOG Director 1.0(0) Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. | 6.5 |
| 2016-09-18 | CVE-2016-6404 | Cross-site Scripting vulnerability in Cisco IOS 15.5(2)T Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854. | 6.1 |
| 2016-09-18 | CVE-2016-6403 | Resource Management Errors vulnerability in Cisco IOS The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912. | 5.9 |
| 2016-09-18 | CVE-2016-6402 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. | 7.8 |
| 2016-09-18 | CVE-2016-4749 | Information Exposure vulnerability in Apple Iphone OS Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. | 3.3 |
| 2016-09-18 | CVE-2016-4747 | Information Exposure vulnerability in Apple Iphone OS Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. | 3.7 |
| 2016-09-18 | CVE-2016-4746 | Information Exposure vulnerability in Apple Iphone OS The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. | 5.3 |
| 2016-09-18 | CVE-2016-4741 | 7PK - Security Features vulnerability in Apple Iphone OS The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. | 5.9 |
| 2016-09-18 | CVE-2016-4740 | Information Exposure vulnerability in Apple Iphone OS Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. | 2.9 |
| 2016-09-18 | CVE-2016-4719 | Information Exposure vulnerability in Apple Iphone OS and Watchos The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. | 5.5 |