Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-13 CVE-2016-2116 Resource Management Errors vulnerability in multiple products
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
network
low complexity
canonical jasper-project CWE-399
5.7
2016-04-13 CVE-2016-1496 Resource Management Errors vulnerability in Huawei P8 Firmware
The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a "semaphore deadlock issue."
local
low complexity
huawei CWE-399
5.5
2016-04-13 CVE-2015-8682 Improper Input Validation vulnerability in Huawei Mate S Firmware and P8 Firmware
The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.
local
low complexity
huawei CWE-20
6.1
2016-04-13 CVE-2014-6276 Permissions, Privileges, and Access Controls vulnerability in multiple products
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
network
low complexity
roundup-tracker debian CWE-264
4.3
2016-04-12 CVE-2016-1377 Cross-site Scripting vulnerability in Cisco Unity Connection
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776.
network
low complexity
cisco CWE-79
6.1
2016-04-12 CVE-2016-1376 Improper Input Validation vulnerability in Cisco IOS XR
Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.
network
low complexity
cisco CWE-20
5.3
2016-04-12 CVE-2016-0887 Information Exposure vulnerability in Dell products
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
network
high complexity
dell CWE-200
5.9
2016-04-12 CVE-2016-0162 Unspecified vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."
network
low complexity
microsoft
4.3
2016-04-12 CVE-2016-0161 7PK - Security Features vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
network
low complexity
microsoft CWE-254
6.5
2016-04-12 CVE-2016-0158 7PK - Security Features vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
network
low complexity
microsoft CWE-254
6.5