Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-11 | CVE-2015-8399 | Information Exposure vulnerability in Atlassian Confluence Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. | 4.3 |
| 2016-04-11 | CVE-2015-8398 | Cross-site Scripting vulnerability in Atlassian Confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | 6.1 |
| 2016-04-11 | CVE-2015-7528 | Information Exposure vulnerability in multiple products Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | 5.3 |
| 2016-04-11 | CVE-2015-7502 | Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. | 5.1 |
| 2016-04-11 | CVE-2015-5233 | Permissions, Privileges, and Access Controls vulnerability in multiple products Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. | 4.2 |
| 2016-04-11 | CVE-2014-9759 | Information Exposure vulnerability in Mantisbt 1.3.0 Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request. | 5.3 |
| 2016-04-11 | CVE-2015-0265 | Cross-site Scripting vulnerability in Apache Ranger 0.4.0 Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. | 6.1 |
| 2016-04-11 | CVE-2016-3676 | 7PK - Security Features vulnerability in Huawei E3276S Firmware E3276S150Tcpuv200R002B250D04Sp00C00 Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network. | 6.4 |
| 2016-04-11 | CVE-2016-2163 | Cross-site Scripting vulnerability in Apache Openmeetings Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. | 6.1 |
| 2016-04-11 | CVE-2016-0784 | Path Traversal vulnerability in Apache Openmeetings Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. | 6.5 |