Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-25 | CVE-2016-0318 | Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1 Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. | 5.0 |
| 2016-11-25 | CVE-2016-0317 | Improper Access Control vulnerability in IBM Jazz Reporting Service 6.0/6.0.1 Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.5 |
| 2016-11-25 | CVE-2016-0316 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2 Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-11-25 | CVE-2016-9452 | Improper Input Validation vulnerability in Drupal The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL. | 6.5 |
| 2016-11-25 | CVE-2016-9451 | Open Redirect vulnerability in Drupal Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. | 6.8 |
| 2016-11-25 | CVE-2016-9449 | Information Exposure vulnerability in Drupal The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. | 4.3 |
| 2016-11-25 | CVE-2016-6753 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2016-11-25 | CVE-2016-6752 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2016-11-25 | CVE-2016-6751 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2016-11-25 | CVE-2016-6750 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. | 5.5 |