Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-15 | CVE-2015-8749 | Information Exposure vulnerability in Openstack Nova The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. | 5.9 |
| 2016-01-15 | CVE-2015-8688 | Improper Input Validation vulnerability in Gajim Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. | 5.4 |
| 2016-01-15 | CVE-2015-8685 | Cross-site Scripting vulnerability in Dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page. | 6.1 |
| 2016-01-15 | CVE-2015-8675 | Credentials Management vulnerability in Huawei S5300 Firmware V200R005C02 Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | 6.2 |
| 2016-01-15 | CVE-2016-1898 | Information Exposure vulnerability in multiple products FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. | 5.5 |
| 2016-01-15 | CVE-2016-1897 | Information Exposure vulnerability in multiple products FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. | 5.5 |
| 2016-01-15 | CVE-2015-6423 | Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance Software The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782. | 4.3 |
| 2016-01-15 | CVE-2015-3948 | Cross-site Scripting vulnerability in Advantech Webaccess Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-01-15 | CVE-2015-3943 | Information Exposure vulnerability in Advantech Webaccess Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. | 5.3 |
| 2016-01-14 | CVE-2016-0777 | Information Exposure vulnerability in multiple products The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | 6.5 |