Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-01 CVE-2015-4941 Code vulnerability in IBM WebSphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
network
low complexity
ibm CWE-17
5.3
2016-01-01 CVE-2015-7441 Code vulnerability in IBM Business Process Manager and WebSphere Process Server
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-17
6.8
2015-12-31 CVE-2015-7447 Information Exposure vulnerability in IBM WebSphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
5.3
2015-12-31 CVE-2015-7282 Improper Input Validation vulnerability in ReadyNet Solutions WRT300N-DD and WRT300N-DD Firmware
ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.
network
low complexity
readynet-solutions CWE-20
5.8
2015-12-31 CVE-2015-7279 Unspecified vulnerability in Amped Wireless R10000 Firmware 2.5.2.11
Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
network
low complexity
ampedwireless
5.3
2015-12-31 CVE-2015-6017 Cross-site Scripting vulnerability in ZyXEL P-660HW-T1 V2 Firmware 3.40(AXH.0)
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.
network
low complexity
zyxel CWE-79
6.1
2015-12-31 CVE-2015-5994 Credentials Management vulnerability in Mediabridge Medialink MWN-WAPR300N Firmware 5.07.50
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session.
low complexity
mediabridge CWE-255
6.8
2015-12-31 CVE-2015-2918 Improper Input Validation vulnerability in OrientDB 2.0.14/2.1.0
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
network
low complexity
orientdb CWE-20
6.1
2015-12-31 CVE-2015-2913 Information Exposure vulnerability in OrientDB 2.0.14/2.1.0
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
network
high complexity
orientdb CWE-200
5.9
2015-12-31 CVE-2015-2896 Information Exposure vulnerability in Idera Uptime Infrastructure Monitor
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
network
low complexity
idera CWE-200
5.3