Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-05 | CVE-2016-1674 | The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 8.8 |
| 2016-06-05 | CVE-2016-1673 | Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 8.8 |
| 2016-06-05 | CVE-2016-1672 | Improper Access Control vulnerability in multiple products The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. | 8.8 |
| 2016-06-04 | CVE-2016-4563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
| 2016-06-04 | CVE-2016-4562 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
| 2016-06-04 | CVE-2016-1403 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. | 7.8 |
| 2016-06-04 | CVE-2016-1391 | Improper Input Validation vulnerability in Cisco products Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889. | 8.8 |
| 2016-06-04 | CVE-2016-1390 | Improper Input Validation vulnerability in Cisco products Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892. | 7.8 |
| 2016-06-03 | CVE-2016-3944 | Improper Input Validation vulnerability in Lenovo Accelerator Application UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. | 7.5 |
| 2016-06-03 | CVE-2016-3096 | Link Following vulnerability in multiple products The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | 7.8 |