Security Vulnerabilities - CVEs Published In September 2016
Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.
CVSS Score
7.5
EPSS Score
0.005
Published
2016-09-19
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request.
CVSS Score
5.3
EPSS Score
0.004
Published
2016-09-19
Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-09-18
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-09-18
The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.
CVSS Score
5.9
EPSS Score
0.006
Published
2016-09-18
UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-09-18
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
CVSS Score
3.3
EPSS Score
0.001
Published
2016-09-18
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
CVSS Score
3.7
EPSS Score
0.002
Published
2016-09-18
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
CVSS Score
5.3
EPSS Score
0.005
Published
2016-09-18
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
CVSS Score
2.9
EPSS Score
0.001
Published
2016-09-18