Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-30 | CVE-2016-5301 | Improper Input Validation vulnerability in multiple products. The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. | 7.5 |
2016-06-30 | CVE-2016-5020 | Permissions, Privileges, and Access Controls vulnerability in F5 products. F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. | 8.8 |
2016-06-30 | CVE-2016-4971 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | 8.8 |
2016-06-30 | CVE-2016-4803 | Unspecified vulnerability in Dotcms. CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. | 7.5 |
2016-06-30 | CVE-2016-4472 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. | 8.1 |
2016-06-30 | CVE-2016-4309 | Unspecified vulnerability in Getsymphony Symphony 2.6.7. Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. | 7.5 |
2016-06-30 | CVE-2015-8899 | Improper Input Validation vulnerability in multiple products. Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. | 7.5 |
2016-06-30 | CVE-2016-5840 | Improper Input Validation vulnerability in Trend Micro Deep Discovery Inspector 3.7/3.81/3.82. hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header. | 7.2 |
2016-06-30 | CVE-2016-5729 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Bios EFI Driver. Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | 8.2 |
2016-06-30 | CVE-2016-5368 | Resource Management Errors vulnerability in Huawei Ar3200 Firmware V200R005C20/V200R005C32/V200R007C00. Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets. | 7.5 |