Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-29 | CVE-2016-5834 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. | 6.1 |
| 2016-06-29 | CVE-2016-5833 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. | 6.1 |
| 2016-06-29 | CVE-2016-1237 | Improper Access Control vulnerability in Linux Kernel nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. | 5.5 |
| 2016-06-29 | CVE-2016-0298 | Information Exposure vulnerability in IBM Security Guardium Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL. | 6.5 |
| 2016-06-29 | CVE-2015-8699 | Cross-site Scripting vulnerability in Broadcom Release Automation Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-06-28 | CVE-2016-0229 | Cross-site Scripting vulnerability in IBM Marketing Platform Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-06-27 | CVE-2016-5728 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. | 6.3 |
| 2016-06-27 | CVE-2016-5243 | Information Exposure vulnerability in Linux Kernel The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. | 5.5 |
| 2016-06-27 | CVE-2016-4470 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. | 5.5 |
| 2016-06-27 | CVE-2014-9903 | Information Exposure vulnerability in Linux Kernel 3.14 The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call. | 5.5 |