Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-11-23 | CVE-2016-1248 | Improper Input Validation vulnerability in VIM: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | 6.8 |
2016-11-23 | CVE-2016-9567 | Information Exposure vulnerability in Samsung Mobile 6.0: The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. | 4.3 |
2016-11-23 | CVE-2016-8673 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens products: A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. | 6.8 |
2016-11-23 | CVE-2016-8672 | Information Exposure vulnerability in Siemens products: A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. | 5.0 |
2016-11-23 | CVE-2016-9563 | XXE vulnerability in SAP Netweaver Application Server Java 7.50: BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. | 4.0 |
2016-11-23 | CVE-2016-9562 | NULL Pointer Dereference vulnerability in SAP Netweaver 7.40: SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835. | 5.0 |
2016-11-22 | CVE-2015-8978 | Resource Management Errors vulnerability in Soap::Lite Project Soap::Lite: In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. | 5.0 |
2016-11-22 | CVE-2016-9155 | Improper Access Control vulnerability in Siemens products: The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances. | 5.0 |
2016-11-19 | CVE-2016-9151 | Permissions, Privileges, and Access Controls vulnerability in Paloaltonetworks Pan-Os: Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables. | 4.6 |
2016-11-19 | CVE-2016-9149 | Data Processing Errors vulnerability in Paloaltonetworks Pan-Os: The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | 4.0 |