Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2016-4068 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
network
low complexity
opensuse roundcube CWE-79
6.1
2017-04-13 CVE-2016-3106 Race Condition vulnerability in Pulpproject Pulp 2.8.21
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
network
low complexity
pulpproject CWE-362
5.3
2017-04-13 CVE-2016-2104 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
network
low complexity
redhat CWE-79
6.1
2017-04-13 CVE-2016-1915 Cross-site Scripting vulnerability in Blackberry Enterprise Service
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.
network
low complexity
blackberry CWE-79
6.1
2017-04-13 CVE-2015-8864 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
network
low complexity
opensuse roundcube CWE-79
6.1
2017-04-13 CVE-2015-8283 Path Traversal vulnerability in Seawell Networks Spectrum SDC 02.05.00
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
network
low complexity
seawell-networks CWE-22
6.5
2017-04-13 CVE-2015-8272 NULL Pointer Dereference vulnerability in Rtmpdump Project Rtmpdump 2.4
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).
network
low complexity
rtmpdump-project CWE-476
6.5
2017-04-13 CVE-2015-8223 Permission Issues vulnerability in Huawei P7 Firmware and P8 Ale-Ul00 Firmware
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.
local
low complexity
huawei CWE-275
5.5
2017-04-13 CVE-2015-7740 Improper Input Validation vulnerability in Huawei P7 Firmware and P8 Ale-Ul00 Firmware
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.
local
low complexity
huawei CWE-20
5.5
2017-04-13 CVE-2015-7565 Cross-site Scripting vulnerability in Emberjs Ember.Js
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
network
low complexity
emberjs CWE-79
6.1