Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-08-03 | CVE-2016-5668 | Unspecified vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. | 9.8 |
2016-08-03 | CVE-2016-5667 | Unspecified vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. | 9.8 |
2016-08-03 | CVE-2016-5666 | Unspecified vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. | 9.8 |
2016-08-03 | CVE-2016-5640 | Command Injection vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1 | Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. | 9.8 |
2016-08-03 | CVE-2016-5639 | Path Traversal vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1/1.4.0.12 | Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. | 7.5 |
2016-08-03 | CVE-2016-4833 | Cross-site Scripting vulnerability in Nofollow Links Project Nofollow Links | Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-08-02 | CVE-2016-6259 | Improper Input Validation vulnerability in multiple products | Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | 6.2 |
2016-08-02 | CVE-2016-6258 | Improper Access Control vulnerability in multiple products | The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | 8.8 |
2016-08-02 | CVE-2016-6232 | Path Traversal vulnerability in multiple products | Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | 7.5 |
2016-08-02 | CVE-2016-6193 | Unspecified vulnerability in Huawei P8 Smartphone Firmware Gracl00C92B350 | Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192. | 7.8 |