The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 60.8%.
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.2%.
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.