Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-13 | CVE-2016-7796 | Improper Input Validation vulnerability in multiple products The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | 5.5 |
| 2016-10-13 | CVE-2016-7795 | Improper Input Validation vulnerability in multiple products The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. | 5.5 |
| 2016-10-13 | CVE-2016-4407 | Improper Access Control vulnerability in SAP Sapcryptolib 5.555.38 The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | 6.5 |
| 2016-10-13 | CVE-2016-3638 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SLD Registration SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. | 5.5 |
| 2016-10-13 | CVE-2016-8564 | SQL Injection vulnerability in Siemens Automation License Manager 5.3 SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. | 6.5 |
| 2016-10-13 | CVE-2016-7959 | 7PK - Security Features vulnerability in Siemens Simatic Step 7 Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. | 4.7 |
| 2016-10-10 | CVE-2016-1000155 | Cross-site Scripting vulnerability in Wpsolr Wpsolr-Search-Engine 7.6 Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 | 6.1 |
| 2016-10-10 | CVE-2016-1000154 | Cross-site Scripting vulnerability in Browserweb Whizz Reflected XSS in wordpress plugin whizz v1.0.7 | 6.1 |
| 2016-10-10 | CVE-2016-1000153 | Cross-site Scripting vulnerability in Tidio-Gallery Project Tidio-Gallery 1.1 Reflected XSS in wordpress plugin tidio-gallery v1.1 | 6.1 |
| 2016-10-10 | CVE-2016-1000152 | Cross-site Scripting vulnerability in Tidio-Form Project Tidio-Form 1.0 Reflected XSS in wordpress plugin tidio-form v1.0 | 6.1 |