Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-21 | CVE-2016-3632 | Out-of-bounds Write vulnerability in multiple products The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. | 6.8 |
| 2016-09-21 | CVE-2016-7166 | Resource Management Errors vulnerability in multiple products libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. | 4.3 |
| 2016-09-21 | CVE-2016-7143 | Improper Authorization vulnerability in multiple products The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | 6.8 |
| 2016-09-21 | CVE-2016-7092 | Permissions, Privileges, and Access Controls vulnerability in XEN The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. | 6.8 |
| 2016-09-21 | CVE-2016-6801 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header. | 6.8 |
| 2016-09-21 | CVE-2016-6159 | Improper Authentication vulnerability in Huawei Ws331A Router Firmware The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface. | 6.8 |
| 2016-09-21 | CVE-2016-5844 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. | 4.3 |
| 2016-09-21 | CVE-2016-5427 | Resource Management Errors vulnerability in Powerdns Authoritative PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . | 5.0 |
| 2016-09-21 | CVE-2016-5426 | Resource Management Errors vulnerability in Powerdns Authoritative PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. | 5.0 |
| 2016-09-21 | CVE-2016-5418 | Improper Input Validation vulnerability in multiple products The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | 5.0 |