Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-08-08 CVE-2016-5330 Untrusted Search Path vulnerability in VMWare products
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
local
vmware CWE-426
4.4
2016-08-08 CVE-2016-2989 Improper Access Control vulnerability in IBM Connections Portlets 5.0
Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-284
5.8
2016-08-08 CVE-2016-2960 Improper Access Control vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.
network
ibm CWE-284
4.3
2016-08-08 CVE-2016-2914 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Publishing Engine 2.0.1
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.
network
low complexity
ibm CWE-434
5.5
2016-08-08 CVE-2016-0361 Information Disclosure vulnerability in IBM Spectrum Scale
IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords.
network
low complexity
ibm
4.0
2016-08-08 CVE-2016-0281 Improper Input Validation vulnerability in IBM AIX and Vios
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
network
ibm CWE-20
4.3
2016-08-08 CVE-2016-0266 7PK - Security Features vulnerability in IBM AIX and Vios
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
network
ibm CWE-254
4.3
2016-08-08 CVE-2016-4374 Server-Side Request Forgery (SSRF) vulnerability in HP Release Control 9.13/9.20/9.21
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.
network
low complexity
hp CWE-918
4.0
2016-08-08 CVE-2016-1474 Improper Access Control vulnerability in Cisco Prime Infrastructure 2.2(2)
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.
network
cisco CWE-284
4.3
2016-08-08 CVE-2016-1468 OS Command Injection vulnerability in Cisco Telepresence Video Communication Server X8.5.2
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.
network
low complexity
cisco CWE-78
6.5