Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1737 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
network
low complexity
apple CWE-119
6.3
2016-03-24 CVE-2016-1734 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPhone OS
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
low complexity
apple CWE-119
6.8
2016-03-24 CVE-2016-1732 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
local
low complexity
apple CWE-119
5.5
2016-03-24 CVE-2016-1599 Cross-site Scripting vulnerability in Micro Focus Self Service Password Reset
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
microfocus CWE-79
6.1
2016-03-24 CVE-2009-2197 Data Processing Errors vulnerability in Apple Safari
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
network
low complexity
apple CWE-19
4.3
2016-03-22 CVE-2016-3116 Unspecified vulnerability in Dropbear SSH Project Dropbear SSH
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
network
low complexity
dropbear-ssh-project
6.4
2016-03-22 CVE-2016-3115
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
network
low complexity
openbsd oracle
6.4
2016-03-21 CVE-2015-7454 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and WebSphere Process Server
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
2016-03-19 CVE-2016-0283 Cross-site Scripting vulnerability in IBM WebSphere Application Server
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
2016-03-19 CVE-2016-2287 Cross-site Scripting vulnerability in XZERES 442SR OS
Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
xzeres CWE-79
6.1