Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-01-04 | CVE-2015-8712 | Improper Input Validation vulnerability in Wireshark: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.5 |
2016-01-04 | CVE-2015-8711 | Improper Input Validation vulnerability in Wireshark: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. | 5.5 |
2016-01-04 | CVE-2015-3182 | Improper Input Validation vulnerability in Wireshark 1.10.12/1.10.13/1.10.14: epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.5 |
2016-01-03 | CVE-2015-8508 | Cross-site Scripting vulnerability in Mozilla Bugzilla: Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary. | 4.7 |
2016-01-03 | CVE-2015-5051 | Permissions, Privileges, and Access Controls vulnerability in IBM products: IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors. | 4.3 |
2016-01-03 | CVE-2015-5037 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections: Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 5.4 |
2016-01-03 | CVE-2015-5036 | Cross-site Scripting vulnerability in IBM Connections: Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5035. | 5.4 |
2016-01-03 | CVE-2015-5035 | Cross-site Scripting vulnerability in IBM Connections: Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5036. | 5.4 |
2016-01-03 | CVE-2015-5023 | SQL Injection vulnerability in IBM Curam Social Program Management: SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 5.4 |
2016-01-03 | CVE-2015-5017 | Improper Access Control vulnerability in IBM products: IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. | 5.4 |