Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-05 | CVE-2016-2835 | Multiple Security vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. network mozilla | 6.8 |
| 2016-08-05 | CVE-2016-2830 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses. | 4.3 |
| 2016-08-03 | CVE-2016-5671 | Cross-Site Request Forgery (CSRF) vulnerability in Crestron Dm-Txrx-100-Str Firmware Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2016-08-03 | CVE-2016-5669 | Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship. | 5.0 |
| 2016-08-03 | CVE-2016-5666 | Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. | 5.0 |
| 2016-08-03 | CVE-2016-5639 | Path Traversal vulnerability in Crestron Airmedia Am-100 Firmware Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2016-08-03 | CVE-2016-4833 | Cross-site Scripting vulnerability in Nofollow Links Project Nofollow Links Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2016-08-02 | CVE-2016-6259 | Improper Input Validation vulnerability in multiple products Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | 4.9 |
| 2016-08-02 | CVE-2016-6232 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | 5.0 |
| 2016-08-02 | CVE-2016-5403 | Resource Exhaustion vulnerability in multiple products The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. | 4.9 |