Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-26 | CVE-2016-3119 | The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. | 5.3 |
| 2016-03-26 | CVE-2016-1344 | Resource Management Errors vulnerability in multiple products The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | 5.9 |
| 2016-03-26 | CVE-2016-1160 | Cross-site Scripting vulnerability in WP Favorite Posts Project WP Favorite Posts Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-03-25 | CVE-2016-2340 | Unspecified vulnerability in Graniteds Granite Data Services 3.1.1Snapshot The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.4 |
| 2016-03-24 | CVE-2016-1366 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. | 6.5 |
| 2016-03-24 | CVE-2016-1788 | Cryptographic Issues vulnerability in Apple Iphone OS and Watchos Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | 5.9 |
| 2016-03-24 | CVE-2016-1787 | Information Exposure vulnerability in Apple mac OS X Server Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | 5.3 |
| 2016-03-24 | CVE-2016-1786 | Information Exposure vulnerability in Apple Iphone OS The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. | 5.4 |
| 2016-03-24 | CVE-2016-1785 | Information Exposure vulnerability in Apple Iphone OS The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | 6.5 |
| 2016-03-24 | CVE-2016-1784 | Resource Exhaustion vulnerability in Apple Iphone OS The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. | 6.5 |