Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-12 | CVE-2016-4498 | Improper Input Validation vulnerability in Panasonic Fpwin PRO Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 6.8 |
| 2016-05-12 | CVE-2016-4497 | Improper Input Validation vulnerability in Panasonic Fpwin PRO Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | 6.8 |
| 2016-05-12 | CVE-2016-4496 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Panasonic Fpwin PRO Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. | 4.4 |
| 2016-05-12 | CVE-2016-1393 | SQL Injection vulnerability in Cisco Cloud Network Automation Provisioner 1.0/1.1 SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | 6.5 |
| 2016-05-11 | CVE-2016-3712 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | 5.5 |
| 2016-05-11 | CVE-2016-1236 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository. | 4.3 |
| 2016-05-11 | CVE-2016-1092 | Information Exposure vulnerability in Adobe products Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1079. | 5.0 |
| 2016-05-11 | CVE-2016-1079 | Information Exposure vulnerability in Adobe products Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1092. | 5.0 |
| 2016-05-11 | CVE-2016-1115 | Improper Input Validation vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | 4.3 |
| 2016-05-11 | CVE-2016-1113 | Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |