Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-13 | CVE-2016-0008 | Information Exposure vulnerability in Microsoft products The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows GDI32.dll ASLR Bypass Vulnerability." | 4.3 |
| 2016-01-13 | CVE-2016-0005 | Improper Input Validation vulnerability in Microsoft Internet Explorer 10/11/9 Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability." | 4.3 |
| 2016-01-13 | CVE-2015-6117 | Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2016-0011. | 6.1 |
| 2016-01-12 | CVE-2016-1715 | Numeric Errors vulnerability in multiple products The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location. | 6.6 |
| 2016-01-12 | CVE-2016-1231 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. | 5.9 |
| 2016-01-12 | CVE-2015-8673 | Credentials Management vulnerability in Huawei products Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. | 6.8 |
| 2016-01-12 | CVE-2015-8672 | Data Processing Errors vulnerability in Huawei Te60 Firmware The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. | 5.3 |
| 2016-01-12 | CVE-2015-8603 | Cross-site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php. | 5.4 |
| 2016-01-12 | CVE-2015-8337 | Unspecified vulnerability in Huawei Mate 7 Firmware and P8 Firmware The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 before GRA-UL10C00B220 and Mate7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 allows remote attackers to cause a denial of service (invalid memory access and reboot) via unspecified vectors related to "input null pointer as parameter." | 5.5 |
| 2016-01-12 | CVE-2015-7242 | Cross-site Scripting vulnerability in AVM Fritz! OS 6.23 Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message. | 6.1 |