Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-09 | CVE-2016-1318 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base: Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489. | 6.1 |
2016-02-09 | CVE-2016-1317 | Information Exposure vulnerability in Zyxel Gs1900-10Hp Firmware 2.40: Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098. | 4.3 |
2016-02-09 | CVE-2016-1316 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software: Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. | 5.3 |
2016-02-08 | CVE-2016-2268 | Cryptographic Issues vulnerability in Dell Secureworks 2.0.6: Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
2016-02-08 | CVE-2016-2214 | Cross-site Scripting vulnerability in Huawei Agile Controller-Campus V100R001C00Spc315: Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 6.1 |
2016-02-08 | CVE-2016-2089 | Improper Input Validation vulnerability in Jasper Project Jasper 1.900.1: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. | 6.5 |
2016-02-08 | CVE-2016-2048 | Improper Access Control vulnerability in Djangoproject Django 1.9/1.9.1: Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. | 5.5 |
2016-02-08 | CVE-2015-3251 | Information Exposure vulnerability in Apache Cloudstack 4.4.4/4.5.1: Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | 4.9 |
2016-02-08 | CVE-2016-2201 | Improper Input Validation vulnerability in Siemens Simatic S7-1500 CPU Firmware 1.8.2: Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. | 5.3 |
2016-02-08 | CVE-2015-2012 | Information Exposure vulnerability in IBM Websphere MQ: The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | 4.0 |