Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-13 | CVE-2016-3982 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. | 6.8 |
| 2016-04-13 | CVE-2016-3686 | Information Exposure vulnerability in F5 Big-Ip Access Policy Manager and Big-Ip Edge Gateway The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect. | 4.3 |
| 2016-04-13 | CVE-2016-3069 | Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | 6.8 |
| 2016-04-13 | CVE-2016-3068 | Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | 6.8 |
| 2016-04-13 | CVE-2016-2533 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | 4.3 |
| 2016-04-13 | CVE-2016-2228 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php. | 4.3 |
| 2016-04-13 | CVE-2016-2191 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. | 4.3 |
| 2016-04-13 | CVE-2016-2084 | Information Exposure vulnerability in F5 products F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration. | 4.0 |
| 2016-04-13 | CVE-2016-2056 | Command Injection vulnerability in multiple products xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | 6.5 |
| 2016-04-13 | CVE-2016-2055 | Information Exposure vulnerability in multiple products xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | 5.0 |