Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-18 CVE-2016-1431 Cross-site Scripting vulnerability in Cisco Firepower Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
network
cisco CWE-79
4.3
2016-06-18 CVE-2016-1427 Information Exposure vulnerability in Cisco Prime Network Registrar
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.
network
low complexity
cisco CWE-200
5.0
2016-06-17 CVE-2016-5433 Improper Input Validation vulnerability in Citrix IOS Receiver
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.
network
citrix CWE-20
5.8
2016-06-17 CVE-2016-5363 7PK - Security Features vulnerability in Openstack Neutron
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.
network
low complexity
openstack CWE-254
6.4
2016-06-17 CVE-2016-5362 7PK - Security Features vulnerability in Openstack Neutron
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.
network
low complexity
openstack CWE-254
6.4
2016-06-17 CVE-2015-8914 7PK - Security Features vulnerability in Openstack Neutron
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.
network
low complexity
openstack CWE-254
6.4
2016-06-16 CVE-2016-3687 Open Redirect vulnerability in Multiple F5 BIG-IP Products
Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.
network
high complexity
f5
4.0
2016-06-16 CVE-2016-2841 Improper Input Validation vulnerability in multiple products
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.
local
low complexity
qemu canonical CWE-20
6.0
2016-06-16 CVE-2016-2392 The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.
local
low complexity
qemu canonical
6.5
2016-06-16 CVE-2016-2391 NULL Pointer Dereference vulnerability in multiple products
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
local
low complexity
qemu canonical debian CWE-476
5.0