Security Vulnerabilities - CVEs Published In May 2016
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.
CVSS Score
8.8
EPSS Score
0.002
Published
2016-05-31
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.
CVSS Score
7.5
EPSS Score
0.01
Published
2016-05-31
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
CVSS Score
7.5
EPSS Score
0.01
Published
2016-05-31
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
CVSS Score
7.5
EPSS Score
0.002
Published
2016-05-31
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.
CVSS Score
7.5
EPSS Score
0.004
Published
2016-05-31
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.005
Published
2016-05-30
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-05-30
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.002
Published
2016-05-30
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.
CVSS Score
7.5
EPSS Score
0.016
Published
2016-05-30
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-05-30