Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-06-09 | CVE-2016-7811 | Improper Access Control vulnerability in Corega Cg-Wlr300Nx Firmware 1.20 | Corega CG-WLR300NX firmware Ver. | 8.8 |
2017-06-09 | CVE-2016-7809 | Cross-Site Request Forgery (CSRF) vulnerability in Corega Cg-Wlr300Nx Firmware 1.20 | Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. | 8.8 |
2017-06-09 | CVE-2016-7807 | Improper Access Control vulnerability in Iodata Wfs-Sr01 Firmware 1.10 | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | 7.5 |
2017-06-09 | CVE-2016-7803 | SQL Injection vulnerability in Cybozu Garoon | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | 8.8 |
2017-06-09 | CVE-2016-4907 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | 8.8 |
2017-06-09 | CVE-2016-4902 | Untrusted Search Path vulnerability in Jpki products | Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2017-06-08 | CVE-2017-1319 | Inadequate Encryption Strength vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.1/6.2.2 | IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. | 7.5 |
2017-06-08 | CVE-2016-9991 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation | IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.0 |
2017-06-08 | CVE-2016-9698 | XXE vulnerability in IBM Rational Rhapsody Design Manager | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
2017-06-08 | CVE-2016-6098 | Improper Access Control vulnerability in IBM products | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |