Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-09-18 | CVE-2016-4719 | Information Exposure vulnerability in Apple Iphone OS and Watchos The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. | 4.3 |
2016-09-18 | CVE-2016-4620 | Information Exposure vulnerability in Apple Iphone OS The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. | 4.3 |
2016-09-18 | CVE-2016-1433 | Resource Management Errors vulnerability in Cisco IOS XR 6.0.0/6.0.1/6.0Base Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. | 5.0 |
2016-09-18 | CVE-2016-6643 | Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4 Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2016-09-18 | CVE-2016-6642 | Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4 Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | 5.8 |
2016-09-18 | CVE-2016-6639 | 7PK - Security Features vulnerability in multiple products Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file. | 5.0 |
2016-09-18 | CVE-2016-0930 | Race Condition vulnerability in Pivotal Operations Manager Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist. | 5.0 |
2016-09-18 | CVE-2016-0929 | Information Exposure vulnerability in Pivotal Software Rabbitmq The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line. | 5.0 |
2016-09-18 | CVE-2016-0928 | Open Redirect vulnerability in Pivotal Cloud Foundry Elastic Runtime Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2016-09-18 | CVE-2016-0927 | Cross-site Scripting vulnerability in Pivotal Software Cloud Foundry Elastic Runtime Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |