Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-30 | CVE-2016-1200 | Improper Access Control vulnerability in Lockon Ec-Cube 3.0.7/3.0.8/3.0.9 The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. | 6.5 |
| 2016-04-30 | CVE-2016-1199 | Information Exposure vulnerability in Lockon Ec-Cube The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. | 5.0 |
| 2016-04-30 | CVE-2016-1111 | Double Free Remote Code Execution vulnerability in Adobe Acrobat and Reader Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary. | 6.8 |
| 2016-04-28 | CVE-2016-1389 | Open Redirection vulnerability in Cisco Webex Meetings Server 2.6.0 Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. network cisco | 4.3 |
| 2016-04-28 | CVE-2016-1386 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.(1) The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. | 5.0 |
| 2016-04-28 | CVE-2016-1205 | Cross-site Scripting vulnerability in Shiro8 products Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2016-04-28 | CVE-2016-0211 | Improper Input Validation vulnerability in IBM DB2 and DB2 Connect IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message. | 4.0 |
| 2016-04-27 | CVE-2016-3156 | Resource Management Errors vulnerability in multiple products The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. | 5.5 |
| 2016-04-27 | CVE-2016-3139 | The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | 4.6 |
| 2016-04-27 | CVE-2016-2847 | Resource Management Errors vulnerability in multiple products fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. | 6.2 |