Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-26 | CVE-2016-6913 | Cross-site Scripting vulnerability in Alienvault products Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php. | 5.4 |
| 2016-09-26 | CVE-2016-6901 | Improper Input Validation vulnerability in Huawei AR Firmware and Netengine 16Ex Firmware Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. | 6.5 |
| 2016-09-26 | CVE-2016-6827 | Information Exposure vulnerability in Huawei Fusioncompute Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
| 2016-09-26 | CVE-2016-6826 | Improper Access Control vulnerability in Huawei Anyoffice Secureapp 2.5.0301.0190/2.5.0501.0190 Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | 6.5 |
| 2016-09-26 | CVE-2016-6172 | Resource Exhaustion vulnerability in multiple products PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. | 6.8 |
| 2016-09-26 | CVE-2016-6153 | Improper Input Validation vulnerability in multiple products os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | 5.9 |
| 2016-09-26 | CVE-2016-3639 | Information Exposure vulnerability in SAP Hana DB 1.00.091.00.1418659308 SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | 4.3 |
| 2016-09-26 | CVE-2016-7142 | Permissions, Privileges, and Access Controls vulnerability in multiple products The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. | 5.9 |
| 2016-09-26 | CVE-2016-5746 | libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf. | 5.1 |
| 2016-09-26 | CVE-2016-8279 | Improper Access Control vulnerability in Huawei Honor6 Firmware, Mate S Firmware and P8 Firmware The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | 5.5 |