Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-30 CVE-2016-5304 Unspecified vulnerability in Symantec Endpoint Protection Manager 12.1.6
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
symantec
6.8
2016-06-30 CVE-2016-3652 Cross-site Scripting vulnerability in Symantec Endpoint Protection Manager 12.1.6
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
symantec CWE-79
5.4
2016-06-30 CVE-2016-3649 Information Exposure vulnerability in Symantec Endpoint Protection Manager 12.1.6
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.
network
low complexity
symantec CWE-200
4.3
2016-06-30 CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
network
low complexity
bzip python
6.5
2016-06-30 CVE-2016-5248 Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.0001
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.
local
low complexity
lenovo CWE-264
5.5
2016-06-30 CVE-2016-5232 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 8 Firmware NXT
Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app.
local
low complexity
huawei CWE-119
5.5
2016-06-30 CVE-2016-4086 Unspecified vulnerability in Huawei HiSuite
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.
high complexity
huawei
5.3
2016-06-30 CVE-2016-4057 Resource Management Errors vulnerability in Huawei FusionCompute V100R005C00
Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.
network
low complexity
huawei CWE-399
6.5
2016-06-30 CVE-2016-0349 Improper Access Control vulnerability in IBM Business Process Manager 8.5.6.0/8.5.7.0
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.
network
low complexity
ibm CWE-284
6.5
2016-06-30 CVE-2016-0322 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.
network
low complexity
ibm CWE-79
5.4