Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-18 CVE-2016-0926 Cross-site Scripting vulnerability in Pivotal Software Cloud Foundry Elastic Runtime
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
4.3
2016-09-18 CVE-2016-0923 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe
The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.
network
low complexity
dell CWE-327
5.0
2016-09-18 CVE-2016-0922 Improper Authorization vulnerability in EMC Vipr SRM 3.6.0/3.6.4
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.
network
low complexity
emc CWE-285
5.0
2016-09-18 CVE-2016-0883 Improper Authentication vulnerability in Pivotal Software Operations Manager
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.
network
low complexity
pivotal-software CWE-287
5.0
2016-09-17 CVE-2016-7418 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
network
low complexity
php CWE-119
5.0
2016-09-17 CVE-2016-7416 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
network
low complexity
php CWE-119
5.0
2016-09-17 CVE-2016-7412 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
network
php CWE-119
6.8
2016-09-17 CVE-2016-6644 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
network
low complexity
emc CWE-264
5.0
2016-09-17 CVE-2016-6407 Resource Management Errors vulnerability in Cisco web Security Appliance
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.
network
low complexity
cisco CWE-399
5.0
2016-09-17 CVE-2016-6401 Resource Management Errors vulnerability in Cisco Carrier Routing System 5.1.4/5.1Base
Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.
5.7