Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2016-02-06 | CVE-2016-1311 | Cross-site Scripting vulnerability in Cisco Jabber Guest 10.6.8 | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. | network | low complexity | cisco | CWE-79 | 6.1 |
| 2016-02-06 | CVE-2016-1310 | Cross-site Scripting vulnerability in SUN Opensolaris Snv124 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | network | low complexity | sun | CWE-79 | 6.1 |
| 2016-02-06 | CVE-2016-1306 | Cross-site Scripting vulnerability in SUN Opensolaris Snv124 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. | network | low complexity | sun | CWE-79 | 6.1 |
| 2016-02-06 | CVE-2015-7916 | Cross-site Scripting vulnerability in Sauter-Controls Moduweb Vision 1.5 | Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. | network | low complexity | sauter-controls | CWE-79 | 6.5 |
| 2016-02-05 | CVE-2016-0862 | Information Exposure vulnerability in GE Snmp/Web Adapter Firmware 4.7 | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | network | low complexity | ge | CWE-200 | 6.5 |
| 2016-02-04 | CVE-2016-1284 | Improper Input Validation vulnerability in ISC Bind 9.9.8 | rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. | network | high complexity | isc | CWE-20 | 5.9 |
| 2016-02-03 | CVE-2015-8748 | Permissions, Privileges, and Access Controls vulnerability in Radicale 1.0/1.0.1 | Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". | network | low complexity | radicale | CWE-264 | 5.3 |
| 2016-02-03 | CVE-2015-7536 | Cross-site Scripting vulnerability in Jenkins | Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts. | network | low complexity | jenkins | CWE-79 | 5.4 |
| 2016-02-03 | CVE-2016-2213 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg | The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. | network | low complexity | ffmpeg | CWE-119 | 6.5 |
| 2016-02-01 | CVE-2015-8783 | Out-of-bounds Read vulnerability in multiple products | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. | network | low complexity | libtiff debian | CWE-125 | 6.5 |