Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-03 | CVE-2016-6377 | Improper Authentication vulnerability in Cisco Media Origination System Suite Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110. | 8.1 |
| 2016-09-03 | CVE-2016-5430 | Information Exposure vulnerability in Jose-PHP Project Jose-PHP The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | 5.3 |
| 2016-09-03 | CVE-2016-5429 | Information Exposure vulnerability in Jose-PHP Project Jose-PHP jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php. | 3.7 |
| 2016-09-03 | CVE-2016-1464 | Improper Input Validation vulnerability in Cisco Webex WRF Player T29 Sp10Base Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. | 7.8 |
| 2016-09-03 | CVE-2016-1415 | Resource Management Errors vulnerability in Cisco Webex WRF Player T29 Sp10Base Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. | 5.5 |
| 2016-09-03 | CVE-2015-5721 | Code Injection vulnerability in Misp-Project Malware Information Sharing Platform Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. | 9.8 |
| 2016-09-03 | CVE-2015-5720 | Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js. | 6.1 |
| 2016-09-03 | CVE-2015-5719 | Unspecified vulnerability in Misp-Project Malware Information Sharing Platform app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors. | 9.8 |
| 2016-09-02 | CVE-2016-7123 | Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. | 8.8 |
| 2016-09-02 | CVE-2016-6893 | Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | 8.8 |