Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-20 CVE-2017-6617 Improper Authentication vulnerability in Cisco Integrated Management Controller Supervisor 3.0(1C)
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system.
network
low complexity
cisco CWE-287
5.4
2017-04-20 CVE-2017-6615 Out-of-bounds Read vulnerability in Cisco IOS XE
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
network
high complexity
cisco CWE-125
6.3
2017-04-20 CVE-2017-6614 Information Exposure vulnerability in Cisco Findit Network Probe 1.0.0
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software.
network
low complexity
cisco CWE-200
6.5
2017-04-20 CVE-2017-6613 Improper Input Validation vulnerability in Cisco Prime Network Registrar
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system.
network
low complexity
cisco CWE-20
5.8
2017-04-20 CVE-2017-6611 Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2)
A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
network
low complexity
cisco CWE-79
6.1
2017-04-20 CVE-2017-4969 Unspecified vulnerability in Cloudfoundry Cf-Release
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.
network
low complexity
cloudfoundry
6.5
2017-04-20 CVE-2017-3793 Resource Exhaustion vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition.
network
high complexity
cisco CWE-400
4.0
2017-04-20 CVE-2016-9980 Cross-site Scripting vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-20 CVE-2016-9979 Cross-site Scripting vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-20 CVE-2016-9978 Information Exposure vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information.
network
low complexity
ibm CWE-200
4.3