Security Vulnerabilities - CVEs Published In March 2016
IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability
CVSS Score
8.8
EPSS Score
0.01
Published
2016-03-18
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVSS Score
7.7
EPSS Score
0.001
Published
2016-03-18
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.164
Published
2016-03-18
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.003
Published
2016-03-18
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVSS Score
8.1
EPSS Score
0.003
Published
2016-03-18
Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-03-18
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
CVSS Score
9.8
EPSS Score
0.063
Published
2016-03-17
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
CVSS Score
9.8
EPSS Score
0.535
Published
2016-03-17
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
CVSS Score
8.1
EPSS Score
0.204
Published
2016-03-17
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.003
Published
2016-03-17