Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-09 CVE-2016-4902 Untrusted Search Path vulnerability in Jpki products
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
jpki CWE-426
7.8
2017-06-08 CVE-2017-1319 Inadequate Encryption Strength vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.1/6.2.2
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie.
network
low complexity
ibm CWE-326
7.5
2017-06-08 CVE-2016-9991 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.0
2017-06-08 CVE-2016-9698 XXE vulnerability in IBM Rational Rhapsody Design Manager
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-06-08 CVE-2016-6098 Improper Access Control vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-284
8.1
2017-06-08 CVE-2015-3913 Improper Input Validation vulnerability in Huawei products
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.
network
low complexity
huawei CWE-20
7.5
2017-06-08 CVE-2015-3634 Information Exposure vulnerability in Slideshow Project Slideshow
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.
network
low complexity
slideshow-project CWE-200
7.5
2017-06-08 CVE-2015-1786 Cross-Site Request Forgery (CSRF) vulnerability in Zend Framework
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
network
low complexity
zend CWE-352
8.8
2017-06-08 CVE-2015-1379 Improper Input Validation vulnerability in Dest-Unreach Socat
The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
network
low complexity
dest-unreach CWE-20
7.5
2017-06-08 CVE-2016-6594 7PK - Security Features vulnerability in Bluecoat Advanced Secure Gateway, Cacheflow and Proxysg
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
network
low complexity
bluecoat CWE-254
7.5