Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-05 | CVE-2016-3196 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. | 5.4 |
| 2016-08-05 | CVE-2016-3097 | Cross-site Scripting vulnerability in Redhat Satellite 5.7 Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. | 6.1 |
| 2016-08-05 | CVE-2016-3080 | Cross-site Scripting vulnerability in Redhat Satellite 5.7 Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes. | 6.1 |
| 2016-08-05 | CVE-2016-1513 | Out-of-bounds Write vulnerability in Apache Openoffice The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. | 7.8 |
| 2016-08-05 | CVE-2016-5268 | 7PK - Security Features vulnerability in Mozilla Firefox Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring. | 4.3 |
| 2016-08-05 | CVE-2016-5267 | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | 5.3 |
| 2016-08-05 | CVE-2016-5266 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. | 8.1 |
| 2016-08-05 | CVE-2016-5265 | Information Exposure vulnerability in multiple products Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory. | 5.5 |
| 2016-08-05 | CVE-2016-5264 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. | 8.8 |
| 2016-08-05 | CVE-2016-5263 | Incorrect Type Conversion or Cast vulnerability in multiple products The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." | 8.8 |