Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1599 Cross-site Scripting vulnerability in Microfocus Self Service Password Reset
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
microfocus CWE-79
6.1
2016-03-24 CVE-2009-2197 Data Processing Errors vulnerability in Apple Safari
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
network
low complexity
apple CWE-19
4.3
2016-03-22 CVE-2016-3116 Unspecified vulnerability in Dropbear SSH Project Dropbear SSH
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
network
low complexity
dropbear-ssh-project
6.4
2016-03-22 CVE-2016-3115 Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
network
low complexity
openbsd oracle
6.4
2016-03-21 CVE-2015-7454 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
2016-03-19 CVE-2016-0283 Cross-site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-03-19 CVE-2016-2287 Cross-site Scripting vulnerability in Xzeres 442Sr OS
Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
xzeres CWE-79
6.1
2016-03-19 CVE-2015-2286 Information Exposure vulnerability in EDX Open EDX 20150127
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.
network
low complexity
edx CWE-200
6.5
2016-03-18 CVE-2016-1994 Information Exposure vulnerability in HP System Management Homepage
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
hp CWE-200
6.5
2016-03-18 CVE-2015-5968 Cross-site Scripting vulnerability in Novell Filr 1.2
Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
novell CWE-79
6.1