Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-21 CVE-2016-6158 Cross-Site Request Forgery (CSRF) vulnerability in Huawei Ws331A Router Firmware Ws331A10V100R001C02B017Sp01
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors.
network
low complexity
huawei CWE-352
6.1
2016-09-21 CVE-2016-5844 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
network
low complexity
libarchive redhat oracle CWE-190
6.5
2016-09-21 CVE-2016-4969 Cross-site Scripting vulnerability in Fortinet Fortiwan
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.
network
low complexity
fortinet CWE-79
6.1
2016-09-21 CVE-2016-4968 Information Exposure vulnerability in Fortinet Fortiwan
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
network
low complexity
fortinet CWE-200
6.5
2016-09-21 CVE-2016-4967 Information Exposure vulnerability in Fortinet Fortiwan
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.
network
low complexity
fortinet CWE-200
6.5
2016-09-21 CVE-2016-4966 Improper Authentication vulnerability in Fortinet Fortiwan
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
network
low complexity
fortinet CWE-287
6.5
2016-09-21 CVE-2016-0925 Cross-site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise 7.2
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
emc CWE-79
5.4
2016-09-21 CVE-2016-0921 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.
local
low complexity
emc CWE-264
6.5
2016-09-21 CVE-2016-0905 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.
local
low complexity
emc CWE-264
6.7
2016-09-20 CVE-2015-8934 Out-of-bounds Read vulnerability in multiple products
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
local
low complexity
suse canonical libarchive CWE-125
5.5