Security Vulnerabilities - CVEs Published In October 2016
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
CVSS Score
7.5
EPSS Score
0.006
Published
2016-10-13
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
CVSS Score
9.1
EPSS Score
0.01
Published
2016-10-13
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-10-13
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
CVSS Score
7.5
EPSS Score
0.01
Published
2016-10-13
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
CVSS Score
2.5
EPSS Score
0.001
Published
2016-10-13
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.
CVSS Score
4.7
EPSS Score
0.001
Published
2016-10-13
Ruckus Wireless H500 web management interface authenticated command injection
CVSS Score
8.8
EPSS Score
0.202
Published
2016-10-10
Reflected XSS in wordpress plugin wpsolr-search-engine v7.6
CVSS Score
6.1
EPSS Score
0.022
Published
2016-10-10
Reflected XSS in wordpress plugin whizz v1.0.7
CVSS Score
6.1
EPSS Score
0.086
Published
2016-10-10
Reflected XSS in wordpress plugin tidio-gallery v1.1
CVSS Score
6.1
EPSS Score
0.046
Published
2016-10-10