Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-23 | CVE-2016-1437 | SQL Injection vulnerability in Cisco Prime Collaboration Deployment SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | 4.0 |
| 2016-06-23 | CVE-2016-1436 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Software The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. | 5.0 |
| 2016-06-23 | CVE-2016-1435 | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | 6.2 |
| 2016-06-23 | CVE-2016-1434 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | 4.0 |
| 2016-06-23 | CVE-2016-1428 | Denial of Service vulnerability in Cisco IOS XE 3.15.0S/3.16.0S/3.17.0S Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. | 6.8 |
| 2016-06-23 | CVE-2016-0914 | Improper Access Control vulnerability in EMC products EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. | 6.5 |
| 2016-06-20 | CVE-2016-2364 | Unspecified vulnerability in Fonality and HUD web The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 5.0 |
| 2016-06-20 | CVE-2016-2178 | Information Exposure Through Discrepancy vulnerability in multiple products The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | 5.5 |
| 2016-06-20 | CVE-2015-8289 | Information Exposure vulnerability in Netgear D3600 Firmware and D6000 Firmware The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | 4.3 |
| 2016-06-20 | CVE-2015-8288 | Unspecified vulnerability in Netgear D3600 Firmware and D6000 Firmware NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. network netgear | 4.3 |