Security Vulnerabilities - CVEs Published In October 2016
A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode.
CVSS Score
7.5
EPSS Score
0.002
Published
2016-10-27
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
CVSS Score
7.2
EPSS Score
0.009
Published
2016-10-27
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
CVSS Score
4.8
EPSS Score
0.003
Published
2016-10-27
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
CVSS Score
7.2
EPSS Score
0.009
Published
2016-10-27
Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server.
CVSS Score
8.8
EPSS Score
0.084
Published
2016-10-27
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
CVSS Score
5.4
EPSS Score
0.003
Published
2016-10-27
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-10-27
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-10-27
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-10-26
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-10-26