Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2016-01-17 | CVE-2015-4960 | 7PK - Security Features vulnerability in IBM Infosphere Master Data Management | 4.1
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
network | low complexity | ibm | CWE-254

2016-01-16 | CVE-2016-1295 | Information Exposure vulnerability in Cisco Adaptive Security Appliance Software | 5.3
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
network | low complexity | cisco | CWE-200

2016-01-16 | CVE-2016-1294 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.1 | 6.1
Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094.
network | low complexity | cisco | CWE-79

2016-01-16 | CVE-2016-1293 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.0/6.0.1 | 6.1
Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.
network | low complexity | cisco | CWE-79

2016-01-16 | CVE-2015-6864 | Improper Input Validation vulnerability in HP Arcsight Logger | 6.3
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
network | low complexity | hp | CWE-20

2016-01-15 | CVE-2016-1913 | Cross-site Scripting vulnerability in Redhen Project Redhen | 5.4
Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3) engagement scores.
network | low complexity | redhen-project | CWE-79

2016-01-15 | CVE-2016-1912 | Cross-site Scripting vulnerability in Dolibarr | 5.4
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.
network | low complexity | dolibarr | CWE-79

2016-01-15 | CVE-2016-1911 | Cross-site Scripting vulnerability in SAP Netweaver 7.40 | 6.1
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918.
network | low complexity | sap | CWE-79

2016-01-15 | CVE-2016-1910 | Information Exposure vulnerability in SAP Netweaver 7.40 | 5.3
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
network | low complexity | sap | CWE-200

2016-01-15 | CVE-2016-1262 | Improper Input Validation vulnerability in Juniper Junos | 5.9
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet.
network | high complexity | juniper | CWE-20