Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-18 CVE-2016-4719 Information Exposure vulnerability in Apple Iphone OS and Watchos
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
network
apple CWE-200
4.3
2016-09-18 CVE-2016-4620 Information Exposure vulnerability in Apple Iphone OS
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
network
apple CWE-200
4.3
2016-09-18 CVE-2016-1433 Resource Management Errors vulnerability in Cisco IOS XR 6.0.0/6.0.1/6.0Base
Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.
network
low complexity
cisco CWE-399
5.0
2016-09-18 CVE-2016-6643 Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
2016-09-18 CVE-2016-6642 Cross-Site Request Forgery (CSRF) vulnerability in EMC Vipr SRM 3.6.0/3.6.4
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.
network
emc CWE-352
5.8
2016-09-18 CVE-2016-6639 7PK - Security Features vulnerability in multiple products
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.
network
low complexity
cloudfoundry pivotal CWE-254
5.0
2016-09-18 CVE-2016-0930 Race Condition vulnerability in Pivotal Operations Manager
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.
network
low complexity
pivotal CWE-362
5.0
2016-09-18 CVE-2016-0929 Information Exposure vulnerability in Pivotal Software Rabbitmq
The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.
network
low complexity
pivotal-software CWE-200
5.0
2016-09-18 CVE-2016-0928 Open Redirect vulnerability in Pivotal Cloud Foundry Elastic Runtime
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
pivotal CWE-601
5.8
2016-09-18 CVE-2016-0927 Cross-site Scripting vulnerability in Pivotal Software Cloud Foundry Elastic Runtime
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3