Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-14 | CVE-2016-6471 | Information Exposure vulnerability in Cisco Firesight System Software 5.4.1.6 A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. | 6.5 |
| 2016-12-14 | CVE-2016-6465 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. | 4.3 |
| 2016-12-14 | CVE-2016-1411 | Cryptographic Issues vulnerability in Cisco products A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. | 5.9 |
| 2016-12-13 | CVE-2016-5060 | Cross-site Scripting vulnerability in Naver Ngrinder Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | 6.1 |
| 2016-12-13 | CVE-2016-6313 | Information Exposure vulnerability in multiple products The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | 5.3 |
| 2016-12-13 | CVE-2016-6722 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2016-12-13 | CVE-2016-6720 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2016-12-13 | CVE-2016-6712 | Improper Input Validation vulnerability in Google Android A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. | 5.5 |
| 2016-12-13 | CVE-2016-6711 | Improper Input Validation vulnerability in Google Android A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. | 5.5 |
| 2016-12-13 | CVE-2016-7440 | The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. | 5.5 |