Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-08 CVE-2015-8759 Cross-site Scripting vulnerability in TYPO3
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
network
low complexity
typo3 CWE-79
5.4
2016-01-08 CVE-2015-8758 Cross-site Scripting vulnerability in TYPO3
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
network
low complexity
typo3 CWE-79
5.4
2016-01-08 CVE-2015-8757 Cross-site Scripting vulnerability in TYPO3
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.
network
low complexity
typo3 CWE-79
6.1
2016-01-08 CVE-2015-8756 Cross-site Scripting vulnerability in TYPO3
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
typo3 CWE-79
5.4
2016-01-08 CVE-2015-8755 Cross-site Scripting vulnerability in TYPO3
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
network
low complexity
typo3 CWE-79
5.4
2016-01-08 CVE-2015-8615 7PK - Security Features vulnerability in Xen 4.6.0
The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).
network
low complexity
xen CWE-254
5.0
2016-01-08 CVE-2015-8303 Information Exposure vulnerability in Huawei Document Security Management V100R002C03Spc005
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.
local
low complexity
huawei CWE-200
4.0
2016-01-08 CVE-2015-8226 Improper Input Validation vulnerability in Huawei ALE Firmware and GEM-703L Firmware
The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225.
local
low complexity
huawei CWE-20
5.5
2016-01-08 CVE-2015-8225 Improper Input Validation vulnerability in Huawei ALE Firmware and GEM-703L Firmware
The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226.
local
low complexity
huawei CWE-20
5.5
2016-01-08 CVE-2015-7328 Information Exposure vulnerability in Puppet Enterprise
Puppet Server in Puppet Enterprise 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.
local
high complexity
puppet CWE-200
4.7