Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-23 CVE-2016-6364 Information Exposure vulnerability in Cisco Unified Communications Manager 11.5.0
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
network
low complexity
cisco CWE-200
7.5
2016-08-23 CVE-2016-6355 Resource Management Errors vulnerability in Cisco IOS XR
Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.
network
low complexity
cisco CWE-399
7.5
2016-08-23 CVE-2016-1484 Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39
Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.
network
low complexity
cisco CWE-20
7.5
2016-08-22 CVE-2016-6362 Permissions, Privileges, and Access Controls vulnerability in Cisco Aironet Access Point Software
Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.
local
low complexity
cisco CWE-264
7.8
2016-08-22 CVE-2016-4377 Unspecified vulnerability in HP products
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.
network
high complexity
hp
8.1
2016-08-22 CVE-2016-1479 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
network
low complexity
cisco CWE-20
7.5
2016-08-22 CVE-2016-0915 Permissions, Privileges, and Access Controls vulnerability in EMC Authentication Manager Prime 3.0/3.1
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
network
low complexity
emc CWE-264
8.1
2016-08-19 CVE-2016-5736 Improper Access Control vulnerability in F5 products
The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors.
network
low complexity
f5 CWE-284
7.5
2016-08-19 CVE-2016-4475 7PK - Security Features vulnerability in Theforeman Foreman
The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
network
low complexity
theforeman CWE-254
8.8
2016-08-19 CVE-2016-0760 Improper Access Control vulnerability in Apache Sentry 1.5.1/1.6.0
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
network
low complexity
apache CWE-284
8.8