Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-12-03 | CVE-2016-9802 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42 | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. | 5.0 |
2016-12-03 | CVE-2016-9801 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42 | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. | 5.0 |
2016-12-03 | CVE-2016-9800 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42 | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. | 5.0 |
2016-12-03 | CVE-2016-9799 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42 | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. | 5.0 |
2016-12-03 | CVE-2016-9798 | Use After Free vulnerability in Bluez 5.42 | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. | 5.0 |
2016-12-03 | CVE-2016-9797 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42 | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. | 5.0 |
2016-12-02 | CVE-2016-9479 | Credentials Management vulnerability in B2Evolution | The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | 5.0 |
2016-12-01 | CVE-2016-9752 | Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | 5.0 |
2016-12-01 | CVE-2016-9751 | Cross-site Scripting vulnerability in Piwigo 2.8.3 | Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2016-12-01 | CVE-2016-3055 | XXE vulnerability in IBM Filenet Workplace 4.0.2 | IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.5 |