Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-21 | CVE-2016-7143 | Improper Authorization vulnerability in multiple products The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | 8.1 |
| 2016-09-21 | CVE-2016-7093 | Permissions, Privileges, and Access Controls vulnerability in XEN 4.5.3/4.6.3/4.7.0 Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. | 8.2 |
| 2016-09-21 | CVE-2016-7092 | Permissions, Privileges, and Access Controls vulnerability in XEN The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. | 8.2 |
| 2016-09-21 | CVE-2016-6801 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header. | 8.8 |
| 2016-09-21 | CVE-2016-6250 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. | 8.6 |
| 2016-09-21 | CVE-2016-6159 | Improper Authentication vulnerability in Huawei Ws331A Router Firmware Ws331A10V100R001C02B017Sp01 The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface. | 7.5 |
| 2016-09-21 | CVE-2016-5427 | Resource Management Errors vulnerability in Powerdns Authoritative PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . | 7.5 |
| 2016-09-21 | CVE-2016-5426 | Resource Management Errors vulnerability in Powerdns Authoritative PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. | 7.5 |
| 2016-09-21 | CVE-2016-5418 | Data Processing Errors vulnerability in multiple products The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | 7.5 |
| 2016-09-21 | CVE-2016-5017 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Zookeeper Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. | 8.1 |