Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-06 | CVE-2016-3118 | Unspecified vulnerability in Broadcom API Gateway CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors. | 6.4 |
| 2016-04-05 | CVE-2016-3125 | Cryptographic Issues vulnerability in multiple products The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | 5.0 |
| 2016-04-05 | CVE-2016-1177 | 7PK - Security Features vulnerability in Falconsc Wisepoint and Wisepoint Authenticator The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 4.3 |
| 2016-04-05 | CVE-2016-1789 | XML External Entity Information Disclosure vulnerability in Apple Ibooks Author 2.4.0 Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. network apple | 4.3 |
| 2016-04-05 | CVE-2016-1176 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sharp EVA Animator Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. | 6.8 |
| 2016-04-05 | CVE-2016-1175 | Cross-Site Request Forgery (CSRF) vulnerability in Sharp Aquos Hn-Pp150 Firmware 1.02.00.04/1.03.01.04 Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | 5.8 |
| 2016-04-05 | CVE-2016-0289 | Improper Access Control vulnerability in IBM Maximo Asset Management shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | 4.0 |
| 2016-04-05 | CVE-2015-8523 | Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | 5.0 |
| 2016-04-01 | CVE-2016-2289 | Path Traversal vulnerability in Iconics Webhmi 9.0 Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. | 5.0 |
| 2016-04-01 | CVE-2016-0793 | Information Exposure vulnerability in Redhat Jboss Wildfly Application Server 10.0.0 Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters. | 5.0 |