Security Vulnerabilities - CVEs Published In 2016
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability."
CVSS Score
6.5
EPSS Score
0.002
Published
2016-11-30
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.
CVSS Score
7.3
EPSS Score
0.002
Published
2016-11-30
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request.
CVSS Score
5.3
EPSS Score
0.007
Published
2016-11-30
Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-11-30
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
CVSS Score
6.8
EPSS Score
0.006
Published
2016-11-30
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.003
Published
2016-11-30
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVSS Score
5.3
EPSS Score
0.002
Published
2016-11-30
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
CVSS Score
9.8
EPSS Score
0.004
Published
2016-11-29
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
CVSS Score
9.1
EPSS Score
0.004
Published
2016-11-29
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.
CVSS Score
4.4
EPSS Score
0.0
Published
2016-11-29