Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-19 | CVE-2016-4815 | Path Traversal vulnerability in Buffalo products Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2016-06-19 | CVE-2016-4814 | Path Traversal vulnerability in GSI OLD GSI Maps Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2016-06-19 | CVE-2016-4371 | Cross-Site Request Forgery (CSRF) vulnerability in HP products HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. | 6.0 |
| 2016-06-19 | CVE-2016-1424 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS 15.2(1)T1.11/15.2(2)Tst Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | 6.1 |
| 2016-06-19 | CVE-2016-1397 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. | 6.8 |
| 2016-06-19 | CVE-2016-1396 | Cross-site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. | 4.3 |
| 2016-06-19 | CVE-2016-1224 | Cross-site Scripting vulnerability in Trendmicro products CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |
| 2016-06-19 | CVE-2016-1223 | Path Traversal vulnerability in Trendmicro products Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2016-06-19 | CVE-2016-1183 | Permissions, Privileges, and Access Controls vulnerability in Nttdata Terasoluna Server Framework for Java web NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. | 4.3 |
| 2016-06-18 | CVE-2016-1432 | Resource Management Errors vulnerability in Cisco IOS XE 3.15.0S/3.15.1S/3.16.0S Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862. | 6.8 |