The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which. Rated low severity (CVSS 3.6), this vulnerability is remotely exploitable. Public exploit code available.
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.