Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-18 | CVE-2016-5188 | Improper Input Validation vulnerability in Google Chrome Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | 4.3 |
| 2016-12-18 | CVE-2016-5187 | Improper Input Validation vulnerability in Google Chrome Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 6.5 |
| 2016-12-18 | CVE-2016-5186 | Out-of-bounds Read vulnerability in Google Chrome Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files. | 5.3 |
| 2016-12-18 | CVE-2016-5181 | Cross-site Scripting vulnerability in Google Chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | 6.1 |
| 2016-12-17 | CVE-2016-9998 | Cross-site Scripting vulnerability in Spip SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. | 6.1 |
| 2016-12-17 | CVE-2016-9997 | Cross-site Scripting vulnerability in Spip SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. | 6.1 |
| 2016-12-17 | CVE-2016-9951 | Improper Access Control vulnerability in Apport Project Apport An issue was discovered in Apport before 2.20.4. | 6.5 |
| 2016-12-17 | CVE-2016-9159 | Information Exposure vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. | 5.9 |
| 2016-12-16 | CVE-2016-8827 | Path Traversal vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | 6.5 |
| 2016-12-16 | CVE-2016-8826 | Resource Management Errors vulnerability in Nvidia GPU Driver All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service. | 5.5 |