Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-14 | CVE-2016-9202 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. | 6.1 |
| 2016-12-14 | CVE-2016-9200 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0 A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. | 6.1 |
| 2016-12-14 | CVE-2016-9199 | Path Traversal vulnerability in Cisco IOX 1.1.0 A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. | 6.5 |
| 2016-12-14 | CVE-2016-6473 | Injection vulnerability in Cisco IOS A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. | 6.5 |
| 2016-12-14 | CVE-2016-6471 | Information Exposure vulnerability in Cisco Firesight System Software 5.4.1.6 A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. | 6.5 |
| 2016-12-14 | CVE-2016-6465 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. | 4.3 |
| 2016-12-14 | CVE-2016-1411 | Cryptographic Issues vulnerability in Cisco products A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. | 5.9 |
| 2016-12-13 | CVE-2016-5060 | Cross-site Scripting vulnerability in Naver Ngrinder Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | 6.1 |
| 2016-12-13 | CVE-2016-6313 | Information Exposure vulnerability in multiple products The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | 5.3 |
| 2016-12-13 | CVE-2016-6722 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. | 5.5 |