Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-06-10 | CVE-2016-1421 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) | A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. | 5.0 |
2016-06-10 | CVE-2016-1419 | Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(102.43) | Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. | 6.8 |
2016-06-10 | CVE-2016-0910 | Permissions, Privileges, and Access Controls vulnerability in EMC Data Domain OS | EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | 4.3 |
2016-06-10 | CVE-2015-8268 | Information Exposure vulnerability in Idera Uptime Infrastructure Monitor 7.5/7.6 | The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2016-06-09 | CVE-2016-4449 | Improper Input Validation vulnerability in multiple products | XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | 5.8 |
2016-06-09 | CVE-2016-4532 | Path Traversal vulnerability in Trihedral Vtscada | Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | 6.4 |
2016-06-09 | CVE-2016-4510 | Improper Authentication vulnerability in Trihedral Vtscada | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | 6.4 |
2016-06-09 | CVE-2016-4370 | Remote Command Execution vulnerability in HP Project and Portfolio Management Center | HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors. | 6.5 |
2016-06-08 | CVE-2016-3703 | Improper Access Control vulnerability in Redhat Openshift 3.1/3.2 | Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. | 5.3 |
2016-06-08 | CVE-2016-2149 | Information Exposure vulnerability in Redhat Openshift 3.2 | Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. | 6.5 |