Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-22 CVE-2016-2303 Unspecified vulnerability in Ecava IntegraXor
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
low complexity
ecava
5.0

2016-04-22 CVE-2016-2302 Information Exposure vulnerability in Ecava IntegraXor
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.
network
low complexity
ecava CWE-200
5.0

2016-04-22 CVE-2016-2301 SQL Injection vulnerability in Ecava IntegraXor
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ecava CWE-89
6.5

2016-04-22 CVE-2016-2300 Improper Authentication vulnerability in Ecava IntegraXor
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
network
low complexity
ecava CWE-287
6.4

2016-04-21 CVE-2016-3977 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
4.3

2016-04-21 CVE-2016-3190 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
network
low complexity
opensuse cairographics CWE-119
5.0

2016-04-21 CVE-2013-7449 Cryptographic Issues vulnerability in multiple products
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5.8

2016-04-21 CVE-2016-3466 Remote Security vulnerability in Oracle Field Service 12.1.1/12.1.2/12.1.3
Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless.
network
low complexity
oracle
6.4

2016-04-21 CVE-2016-3465 Unspecified vulnerability in Oracle Solaris 11.3
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
local
low complexity
oracle
4.9

2016-04-21 CVE-2016-3464 Remote Security vulnerability in Oracle Flexcube Direct Banking 12.0.3
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to Accounts.
network
low complexity
oracle
4.0