Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-03 | CVE-2016-5666 | Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026: Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. | 5.0 |
2016-08-03 | CVE-2016-5639 | Path Traversal vulnerability in Crestron Airmedia Am-100 Firmware: Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. | 5.0 |
2016-08-03 | CVE-2016-4833 | Cross-site Scripting vulnerability in Nofollow Links Project Nofollow Links: Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2016-08-02 | CVE-2016-6259 | Improper Input Validation vulnerability in multiple products: Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | 4.9 |
2016-08-02 | CVE-2016-6232 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | 5.0 |
2016-08-02 | CVE-2016-5403 | Resource Exhaustion vulnerability in multiple products: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. | 4.9 |
2016-08-01 | CVE-2016-5672 | Improper Input Validation vulnerability in Intel Crosswalk 19.49.514.4: Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. | 5.8 |
2016-08-01 | CVE-2016-4834 | Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM: modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. | 5.5 |
2016-08-01 | CVE-2016-3120 | NULL Pointer Dereference vulnerability in MIT Kerberos 5: The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. | 6.5 |
2016-08-01 | CVE-2016-1609 | Cross-site Scripting vulnerability in Novell Filr 1.2/2.0: Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile. | 5.4 |