Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-30 | CVE-2016-9116 | NULL Pointer Dereference vulnerability in Uclouvain Openjpeg 2.1.2 NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. | 6.5 |
| 2016-10-30 | CVE-2016-9115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg 2.1.2 Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. | 6.5 |
| 2016-10-29 | CVE-2016-5920 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-10-29 | CVE-2016-3060 | Improper Access Control vulnerability in IBM Financial Transaction Manager Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | 5.7 |
| 2016-10-28 | CVE-2016-4394 | 7PK - Security Features vulnerability in HP System Management Homepage HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | 6.5 |
| 2016-10-28 | CVE-2016-4393 | Cross-site Scripting vulnerability in HP System Management Homepage HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | 5.4 |
| 2016-10-28 | CVE-2016-9018 | NULL Pointer Dereference vulnerability in Realnetworks Realplayer 18.1.5.705 Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | 5.5 |
| 2016-10-28 | CVE-2016-8889 | Information Exposure vulnerability in Bitcoin Knots Project Bitcoin Knots In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history. | 6.2 |
| 2016-10-28 | CVE-2016-8871 | Information Exposure vulnerability in Botan Project Botan In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack. | 6.2 |
| 2016-10-28 | CVE-2016-8583 | Cross-site Scripting vulnerability in Alienvault products Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | 6.1 |