Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-06 | CVE-2016-3118 | Unspecified vulnerability in Broadcom API Gateway CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors. | 6.5 |
| 2016-04-05 | CVE-2016-1177 | 7PK - Security Features vulnerability in Falconsc Wisepoint and Wisepoint Authenticator The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.1 |
| 2016-04-05 | CVE-2016-1789 | Unspecified vulnerability in Apple Ibooks Author 2.4.0 Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.5 |
| 2016-04-05 | CVE-2016-1176 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sharp EVA Animator Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. | 6.3 |
| 2016-04-05 | CVE-2016-1175 | Cross-Site Request Forgery (CSRF) vulnerability in Sharp Aquos Hn-Pp150 Firmware 1.02.00.04/1.03.01.04 Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | 4.3 |
| 2016-04-05 | CVE-2016-0289 | Improper Access Control vulnerability in IBM Maximo Asset Management shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | 4.3 |
| 2016-03-29 | CVE-2016-1760 | Improper Access Control vulnerability in Apple Iphone OS The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. | 6.2 |
| 2016-03-28 | CVE-2016-1314 | Cross-site Scripting vulnerability in SUN Opensolaris Snv124 Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. | 6.1 |
| 2016-03-26 | CVE-2016-3119 | The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | 5.3 |
| 2016-03-26 | CVE-2016-1344 | Resource Management Errors vulnerability in multiple products The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | 5.9 |