Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-03 CVE-2016-5671 Cross-Site Request Forgery (CSRF) vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.
network
low complexity
crestron CWE-352
8.8
2016-08-03 CVE-2016-5639 Path Traversal vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1/1.4.0.12
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a ..
network
low complexity
crestron CWE-22
7.5
2016-08-02 CVE-2016-6258 Improper Access Control vulnerability in multiple products
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
local
low complexity
xen citrix CWE-284
8.8
2016-08-02 CVE-2016-6232 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
network
low complexity
canonical kde CWE-22
7.5
2016-08-02 CVE-2016-6193 Unspecified vulnerability in Huawei P8 Smartphone Firmware Gracl00C92B350
Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192.
local
low complexity
huawei
7.8
2016-08-02 CVE-2016-6192 Permissions, Privileges, and Access Controls vulnerability in Huawei P8 Smartphone Firmware Gracl00C92B350
Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193.
local
low complexity
huawei CWE-264
7.3
2016-08-02 CVE-2016-2408 Permissions, Privileges, and Access Controls vulnerability in Pulsesecure products
Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors.
local
low complexity
pulsesecure CWE-264
7.8
2016-08-02 CVE-2016-1712 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
local
low complexity
paloaltonetworks CWE-20
7.8
2016-08-02 CVE-2016-6185 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
local
low complexity
perl fedoraproject debian oracle canonical
7.8
2016-08-02 CVE-2016-1238 Permissions, Privileges, and Access Controls vulnerability in multiple products
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove .
7.8