Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-08 | CVE-2016-5330 | Untrusted Search Path vulnerability in VMWare products Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 4.4 |
2016-08-08 | CVE-2016-2989 | Improper Access Control vulnerability in IBM Connections Portlets 5.0 Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2016-08-08 | CVE-2016-2960 | Improper Access Control vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. | 4.3 |
2016-08-08 | CVE-2016-2914 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Publishing Engine 2.0.1 Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. | 5.5 |
2016-08-08 | CVE-2016-0361 | Information Disclosure vulnerability in IBM Spectrum Scale IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords. | 4.0 |
2016-08-08 | CVE-2016-0281 | Improper Input Validation vulnerability in IBM AIX and Vios The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | 4.3 |
2016-08-08 | CVE-2016-0266 | 7PK - Security Features vulnerability in IBM AIX and Vios IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 4.3 |
2016-08-08 | CVE-2016-4374 | Server-Side Request Forgery (SSRF) vulnerability in HP Release Control 9.13/9.20/9.21 HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors. | 4.0 |
2016-08-08 | CVE-2016-1474 | Improper Access Control vulnerability in Cisco Prime Infrastructure 2.2(2) Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. | 4.3 |
2016-08-08 | CVE-2016-1468 | OS Command Injection vulnerability in Cisco Telepresence Video Communication Server X8.5.2 The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | 6.5 |