Skip to main content
CVE-2016-6423 MEDIUM This Month

The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-6420 MEDIUM This Month

Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Firesight System Software
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-6418 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Videoscape Distribution Suite Service Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-6416 MEDIUM This Month

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Content Security Management Appliance Email Security Appliance +1
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2016-6652 MEDIUM PATCH This Month

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

SQLi Java Spring Data Jpa
NVD GitHub
CVSS 3.0
5.6
EPSS
0.3%
CVE-2016-5901 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5892 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Multi Enterprise Integration Gateway B2B Advanced Communications
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6421 MEDIUM This Month

Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2016-6550 MEDIUM This Month

The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure The U
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2016-7909 MEDIUM PATCH This Month

The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2016-7908 MEDIUM PATCH This Month

The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2016-7907 MEDIUM PATCH This Month

The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy