The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.