Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-16 | CVE-2016-1293 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.0/6.0.1 Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414. | 6.1 |
| 2016-01-16 | CVE-2015-6864 | Improper Input Validation vulnerability in HP Arcsight Logger HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | 6.3 |
| 2016-01-15 | CVE-2016-1913 | Cross-site Scripting vulnerability in Redhen Project Redhen Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3) engagement scores. | 5.4 |
| 2016-01-15 | CVE-2016-1912 | Cross-site Scripting vulnerability in Dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php. | 5.4 |
| 2016-01-15 | CVE-2016-1911 | Cross-site Scripting vulnerability in SAP Netweaver 7.40 Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | 6.1 |
| 2016-01-15 | CVE-2016-1910 | Information Exposure vulnerability in SAP Netweaver 7.40 The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | 5.3 |
| 2016-01-15 | CVE-2016-1262 | Improper Input Validation vulnerability in Juniper Junos Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet. | 5.9 |
| 2016-01-15 | CVE-2016-1260 | Resource Management Errors vulnerability in Juniper Junos 13.2X51/14.1X53/15.2 Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic. | 5.3 |
| 2016-01-15 | CVE-2016-1258 | Improper Input Validation vulnerability in Juniper Junos Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors. | 5.3 |
| 2016-01-15 | CVE-2016-1257 | Improper Input Validation vulnerability in Juniper Junos The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a denial of service (RPD routing process crash) via a crafted LDP packet. | 5.9 |