Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.