Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2016-2036 NULL Pointer Dereference vulnerability in Samsung Galaxy Note 3 Firmware and Galaxy S6 Firmware
The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.
local
low complexity
samsung CWE-476
5.5
5.5
2017-04-13 CVE-2015-8780 Path Traversal vulnerability in Samsung Kies
Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.
high complexity
samsung CWE-22
6.4
6.4
2017-04-13 CVE-2016-4068 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
network
low complexity
opensuse roundcube CWE-79
6.1
6.1
2017-04-13 CVE-2016-3106 Race Condition vulnerability in Pulpproject Pulp 2.8.21
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
network
low complexity
pulpproject CWE-362
5.3
5.3
2017-04-13 CVE-2016-2104 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
network
low complexity
redhat CWE-79
6.1
6.1
2017-04-13 CVE-2016-1915 Cross-site Scripting vulnerability in Blackberry Enterprise Service
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.
network
low complexity
blackberry CWE-79
6.1
6.1
2017-04-13 CVE-2015-8864 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
network
low complexity
opensuse roundcube CWE-79
6.1
6.1
2017-04-13 CVE-2015-8283 Path Traversal vulnerability in Seawell Networks Spectrum SDC 02.05.00
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
network
low complexity
seawell-networks CWE-22
6.5
6.5
2017-04-13 CVE-2015-8272 NULL Pointer Dereference vulnerability in Rtmpdump Project Rtmpdump 2.4
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).
network
low complexity
rtmpdump-project CWE-476
6.5
6.5
2017-04-13 CVE-2015-8223 Permission Issues vulnerability in Huawei P7 Firmware and P8 Ale-Ul00 Firmware
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.
local
low complexity
huawei CWE-275
5.5
5.5