Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-14 | CVE-2016-0073 | Information Exposure vulnerability in Microsoft products The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075. | 5.0 |
| 2016-10-14 | CVE-2016-0070 | Information Exposure vulnerability in Microsoft products The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability." | 5.5 |
| 2016-10-13 | CVE-2016-7796 | Improper Input Validation vulnerability in multiple products The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | 5.5 |
| 2016-10-13 | CVE-2016-7795 | Improper Input Validation vulnerability in multiple products The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. | 5.5 |
| 2016-10-13 | CVE-2016-4407 | Improper Access Control vulnerability in SAP Sapcryptolib 5.555.38 The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | 6.5 |
| 2016-10-13 | CVE-2016-3638 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SLD Registration SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. | 5.5 |
| 2016-10-13 | CVE-2016-8564 | SQL Injection vulnerability in Siemens Automation License Manager 5.3 SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. | 6.5 |
| 2016-10-13 | CVE-2016-7959 | 7PK - Security Features vulnerability in Siemens Simatic Step 7 Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. | 4.7 |
| 2016-10-10 | CVE-2016-1000155 | Cross-site Scripting vulnerability in Wpsolr Wpsolr-Search-Engine 7.6 Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 | 6.1 |
| 2016-10-10 | CVE-2016-1000154 | Cross-site Scripting vulnerability in Browserweb Whizz Reflected XSS in wordpress plugin whizz v1.0.7 | 6.1 |