Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-02 | CVE-2016-6893 | Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | 8.8 |
| 2016-09-02 | CVE-2016-5879 | Improper Input Validation vulnerability in IBM MQ Appliance Firmware 8.0 MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. | 8.8 |
| 2016-09-02 | CVE-2016-6483 | Server-Side Request Forgery (SSRF) vulnerability in Vbulletin The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. | 8.6 |
| 2016-09-02 | CVE-2016-4853 | OS Command Injection vulnerability in Akabei Soft2 Happy Wardrobe AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe. | 7.8 |
| 2016-09-02 | CVE-2016-1472 | Improper Input Validation vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238. | 7.5 |
| 2016-09-02 | CVE-2016-1470 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230. | 8.8 |
| 2016-09-01 | CVE-2016-4264 | XXE vulnerability in Adobe Coldfusion 10.0/11.0 The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.6 |
| 2016-09-01 | CVE-2016-2183 | Information Exposure vulnerability in multiple products The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 7.5 |
| 2016-08-31 | CVE-2016-5680 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command. | 8.8 |
| 2016-08-31 | CVE-2016-5679 | OS Command Injection vulnerability in multiple products cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. | 8.8 |