Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-01-18 CVE-2016-3409 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.
network
low complexity
synacor CWE-79
6.1
2017-01-18 CVE-2016-3408 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813.
network
low complexity
synacor CWE-79
6.1
2017-01-18 CVE-2016-3407 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.
network
low complexity
synacor CWE-79
6.1
2017-01-18 CVE-2016-3401 Unspecified vulnerability in Synacor Zimbra Collaboration Suite
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.
network
low complexity
synacor
6.5
2017-01-18 CVE-2016-6897 Cross-Site Request Forgery (CSRF) vulnerability in WordPress
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
network
low complexity
wordpress CWE-352
6.5
2017-01-18 CVE-2016-10148 Improper Access Control vulnerability in WordPress
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.
network
low complexity
wordpress CWE-284
4.3
2017-01-18 CVE-2016-10147 NULL Pointer Dereference vulnerability in Linux Kernel
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).
local
low complexity
linux CWE-476
5.5
2017-01-18 CVE-2016-9844 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unzip Project Unzip 6.0
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
local
low complexity
unzip-project CWE-119
4.0
2017-01-18 CVE-2016-9278 Improper Input Validation vulnerability in Samsung Exynos Fimg2D Driver
The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command.
local
low complexity
samsung CWE-20
5.5
2017-01-18 CVE-2016-9273 Out-of-bounds Read vulnerability in Libtiff 4.0.6
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.
local
low complexity
libtiff CWE-125
5.5