Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-20 | CVE-2015-8288 | Unspecified vulnerability in Netgear D3600 Firmware and D6000 Firmware NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 5.9 |
| 2016-06-19 | CVE-2016-4811 | Improper Access Control vulnerability in Ntt-Bp Japan Connected-Free Wi-Fi 1.13.0/1.15.1 The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors. | 5.6 |
| 2016-06-19 | CVE-2016-4530 | Improper Input Validation vulnerability in Osisoft PI SQL Data Access Server 2016 1.5 OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | 6.5 |
| 2016-06-19 | CVE-2016-4518 | Improper Input Validation vulnerability in Osisoft PI AF Server 2016 OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | 6.5 |
| 2016-06-19 | CVE-2016-1864 | Information Exposure vulnerability in Apple Safari The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | 4.3 |
| 2016-06-19 | CVE-2016-1196 | Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | 4.3 |
| 2016-06-19 | CVE-2016-1192 | Information Exposure vulnerability in Cybozu Garoon Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | 4.3 |
| 2016-06-19 | CVE-2016-1191 | Path Traversal vulnerability in Cybozu Garoon Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | 5.3 |
| 2016-06-19 | CVE-2015-7776 | Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. | 4.3 |
| 2016-06-19 | CVE-2015-7462 | Information Exposure vulnerability in IBM Websphere MQ 8.0.0.4 IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | 4.4 |