Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-13 CVE-2015-8606 Cross-site Scripting vulnerability in Silverstripe
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
network | low complexity | silverstripe | CWE-79 | 6.1
2016-04-13 CVE-2015-8553 Information Exposure vulnerability in multiple products
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.
local | low complexity | xen, redhat | CWE-200 | 6.5
2016-04-13 CVE-2015-8552 Improper Input Validation vulnerability in multiple products
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
local | low complexity | xen, canonical, debian, novell | CWE-20 | 4.4
2016-04-13 CVE-2015-8551 NULL Pointer Dereference vulnerability in multiple products
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."
local | low complexity | linux, debian, suse, opensuse | CWE-476 | 6.0
2016-04-13 CVE-2015-7555 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.
local | low complexity | giflib-project, fedoraproject | CWE-119 | 5.5
2016-04-13 CVE-2015-0861 Permissions, Privileges, and Access Controls vulnerability in multiple products
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
network | low complexity | tryton, debian | CWE-264 | 4.3
2016-04-13 CVE-2016-2116 Resource Management Errors vulnerability in multiple products
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
network | low complexity | canonical, jasper-project | CWE-399 | 5.7
2016-04-13 CVE-2016-1496 Resource Management Errors vulnerability in Huawei P8 Firmware
The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a "semaphore deadlock issue."
local | low complexity | huawei | CWE-399 | 5.5
2016-04-13 CVE-2015-8682 Improper Input Validation vulnerability in Huawei Mate S Firmware and P8 Firmware
The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.
local | low complexity | huawei | CWE-20 | 6.1
2016-04-13 CVE-2014-6276 Permissions, Privileges, and Access Controls vulnerability in multiple products
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
network | low complexity | roundup-tracker, debian | CWE-264 | 4.3