Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-02 | CVE-2016-6232 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | 7.5 |
| 2016-08-02 | CVE-2016-6193 | Unspecified vulnerability in Huawei P8 Smartphone Firmware Gracl00C92B350 Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192. | 7.8 |
| 2016-08-02 | CVE-2016-6192 | Permissions, Privileges, and Access Controls vulnerability in Huawei P8 Smartphone Firmware Gracl00C92B350 Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193. | 7.3 |
| 2016-08-02 | CVE-2016-6178 | Improper Input Validation vulnerability in Huawei products Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet. | 9.8 |
| 2016-08-02 | CVE-2016-5403 | Resource Exhaustion vulnerability in multiple products The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. | 5.5 |
| 2016-08-02 | CVE-2016-5229 | Improper Access Control vulnerability in Atlassian Bamboo Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | 9.8 |
| 2016-08-02 | CVE-2016-2408 | Permissions, Privileges, and Access Controls vulnerability in Pulsesecure products Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. | 7.8 |
| 2016-08-02 | CVE-2016-1712 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | 7.8 |
| 2016-08-02 | CVE-2016-6257 | Cryptographic Issues vulnerability in multiple products The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | 6.5 |
| 2016-08-02 | CVE-2016-6185 | The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. | 7.8 |