Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2016-08-01 CVE-2016-1605 Path Traversal vulnerability in NetIQ Sentinel 7.4/7.4.1
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.
network | low complexity | netiq | CWE-22 | 6.5

2016-08-01 CVE-2016-1461 Improper Input Validation vulnerability in Cisco AsyncOS
Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.
network | low complexity | cisco | CWE-20 | 5.0

2016-07-28 CVE-2016-5005 Cross-site Scripting vulnerability in Apache Archiva
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.
network | low complexity | apache | CWE-79 | 4.8

2016-07-28 CVE-2016-1467 Resource Management Errors vulnerability in Cisco Videoscape Session Resource Manager
Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.
low complexity | cisco | CWE-399 | 6.1

2016-07-28 CVE-2016-1465 Resource Management Errors vulnerability in Cisco NX-OS
Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.
low complexity | cisco | CWE-399 | 6.1

2016-07-28 CVE-2016-1463 Improper Input Validation vulnerability in Cisco FireSIGHT System Software
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.
network | low complexity | cisco | CWE-20 | 5.0

2016-07-28 CVE-2016-1462 Cross-site Scripting vulnerability in Cisco Prime Service Catalog 11.0Base
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795.
network | cisco | CWE-79 | 4.3

2016-07-28 CVE-2016-1460 Resource Management Errors vulnerability in Cisco Wireless LAN Controller Software 7.4.121.0/8.0.0.30220.385
Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979.
low complexity | cisco | CWE-399 | 6.1

2016-07-26 CVE-2016-3992 Improper Access Control vulnerability in multiple products
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
local | low complexity | cronic-project debian opensuse | CWE-284 | 4.9

2016-07-25 CVE-2016-6292 NULL Pointer Dereference vulnerability in PHP
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
network | low complexity | php | CWE-476 | 6.5