Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-06 | CVE-2016-3968 | Cross-site Scripting vulnerability in Sophos products Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header. | 6.1 |
| 2016-04-06 | CVE-2016-3118 | Unspecified vulnerability in Broadcom API Gateway CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors. | 6.5 |
| 2016-04-05 | CVE-2016-3125 | 7PK - Security Features vulnerability in multiple products The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | 7.5 |
| 2016-04-05 | CVE-2016-2000 | Data Processing Errors vulnerability in HP products HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2016-04-05 | CVE-2016-1177 | 7PK - Security Features vulnerability in Falconsc Wisepoint and Wisepoint Authenticator The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.1 |
| 2016-04-05 | CVE-2016-1789 | Unspecified vulnerability in Apple Ibooks Author 2.4.0 Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.5 |
| 2016-04-05 | CVE-2016-1176 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sharp EVA Animator Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. | 6.3 |
| 2016-04-05 | CVE-2016-1175 | Cross-Site Request Forgery (CSRF) vulnerability in Sharp Aquos Hn-Pp150 Firmware 1.02.00.04/1.03.01.04 Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | 4.3 |
| 2016-04-05 | CVE-2016-0289 | Improper Access Control vulnerability in IBM Maximo Asset Management shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | 4.3 |
| 2016-04-05 | CVE-2015-8523 | Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | 7.5 |