Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-29 | CVE-2016-3060 | Improper Access Control vulnerability in IBM Financial Transaction Manager Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | 5.7 |
| 2016-10-28 | CVE-2016-4394 | 7PK - Security Features vulnerability in HP System Management Homepage HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | 6.5 |
| 2016-10-28 | CVE-2016-4393 | Cross-site Scripting vulnerability in HP System Management Homepage HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | 5.4 |
| 2016-10-28 | CVE-2016-9018 | NULL Pointer Dereference vulnerability in Realnetworks Realplayer 18.1.5.705 Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | 5.5 |
| 2016-10-28 | CVE-2016-8889 | Information Exposure vulnerability in Bitcoin Knots Project Bitcoin Knots In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history. | 6.2 |
| 2016-10-28 | CVE-2016-8871 | Information Exposure vulnerability in Botan Project Botan In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack. | 6.2 |
| 2016-10-28 | CVE-2016-8583 | Cross-site Scripting vulnerability in Alienvault products Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | 6.1 |
| 2016-10-28 | CVE-2016-8581 | Cross-site Scripting vulnerability in Alienvault products A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator. | 6.1 |
| 2016-10-28 | CVE-2016-8579 | Resource Management Errors vulnerability in Docker2Aci Project Docker2Aci 0.12.3 docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. | 4.0 |
| 2016-10-28 | CVE-2016-1423 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. | 6.1 |