Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-15 CVE-2016-1260 Resource Management Errors vulnerability in Juniper Junos 13.2X51/14.1X53/15.2
Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic.
network
low complexity
juniper CWE-399
5.3
2016-01-15 CVE-2016-1258 Improper Input Validation vulnerability in Juniper Junos
Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors.
network
low complexity
juniper CWE-20
5.3
2016-01-15 CVE-2016-1257 Improper Input Validation vulnerability in Juniper Junos
The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a denial of service (RPD routing process crash) via a crafted LDP packet.
network
high complexity
juniper CWE-20
5.9
2016-01-15 CVE-2016-1256 Resource Management Errors vulnerability in Juniper Junos
Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R4, 15.1 before 15.1R2, and 15.1X49 before 15.1X49-D10 allow remote attackers to cause a denial of service via a malformed IGMPv3 packet, aka a "multicast denial of service."
network
low complexity
juniper CWE-399
5.3
2016-01-15 CVE-2015-8749 Information Exposure vulnerability in Openstack Nova
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
network
high complexity
openstack CWE-200
5.9
2016-01-15 CVE-2015-8688 Improper Input Validation vulnerability in Gajim
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
network
low complexity
gajim CWE-20
5.4
2016-01-15 CVE-2015-8685 Cross-site Scripting vulnerability in Dolibarr
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
network
low complexity
dolibarr CWE-79
6.1
2016-01-15 CVE-2015-8675 Credentials Management vulnerability in Huawei S5300 Firmware V200R005C02
Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.
local
low complexity
huawei CWE-255
6.2
2016-01-15 CVE-2016-1898 Information Exposure vulnerability in multiple products
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
local
low complexity
ffmpeg canonical opensuse CWE-200
5.5
2016-01-15 CVE-2016-1897 Information Exposure vulnerability in multiple products
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
local
low complexity
ffmpeg canonical opensuse CWE-200
5.5