Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-19 | CVE-2016-0392 | Improper Access Control vulnerability in IBM products IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. | 4.6 |
| 2016-06-19 | CVE-2015-7776 | Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. | 4.3 |
| 2016-06-19 | CVE-2016-1226 | Cross-site Scripting vulnerability in Trendmicro Internet Security 10.0/8.0 Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2016-06-19 | CVE-2016-1225 | Information Exposure vulnerability in Trendmicro Internet Security 10.0/8.0 Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2016-06-19 | CVE-2016-1197 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775. | 4.3 |
| 2016-06-19 | CVE-2016-1195 | Open Redirection vulnerability in Cybozu Garoon Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. network cybozu | 5.8 |
| 2016-06-19 | CVE-2016-4821 | Denial of Service vulnerability in I-O DATA DEVICE ETX-R I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | 5.0 |
| 2016-06-19 | CVE-2016-4820 | Cross-Site Request Forgery (CSRF) vulnerability in Iodata Etx-R Firmware Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2016-06-19 | CVE-2016-4817 | lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. network low complexity | 5.0 |
| 2016-06-19 | CVE-2016-4816 | Information Exposure vulnerability in Buffalo products BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | 4.3 |