Skip to main content
CVE-2016-1358 MEDIUM This Month

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco XXE Buffer Overflow Prime Infrastructure
NVD
CVSS 3.0
6.4
EPSS
0.5%
CVE-2016-1355 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Firesight System Software
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1354 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-0227 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-1288 MEDIUM This Month

The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Web Security Appliance
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-1357 MEDIUM This Month

The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Cisco Policy Suite
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-0702 MEDIUM PATCH This Month

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

OpenSSL Intel Information Disclosure Node Js Debian Linux +1
NVD
CVSS 3.1
5.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy