Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-19 CVE-2016-3186 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
network
low complexity
opensuse libtiff CWE-119
5.0
2016-04-19 CVE-2015-5479 Numeric Errors vulnerability in multiple products
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
network
low complexity
ubuntu libav opensuse CWE-189
6.5
2016-04-18 CVE-2016-3972 Path Traversal vulnerability in Dotcms
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a ..
network
low complexity
dotcms CWE-22
4.0
2016-04-18 CVE-2016-3941 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
4.3
2016-04-18 CVE-2016-3950 Improper Input Validation vulnerability in Huawei Ar3200 Firmware V200R005C20/V200R005C30/V200R005C32
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.
network
low complexity
huawei CWE-20
6.8
2016-04-18 CVE-2016-3071 Improper Input Validation vulnerability in multiple products
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
network
low complexity
libreswan fedoraproject CWE-20
5.0
2016-04-18 CVE-2016-1658 Improper Access Control vulnerability in multiple products
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
network
low complexity
novell opensuse google debian CWE-284
4.3
2016-04-18 CVE-2016-1657 7PK - Security Features vulnerability in multiple products
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
network
low complexity
debian novell opensuse google CWE-254
4.3
2016-04-18 CVE-2016-1654 Improper Input Validation vulnerability in multiple products
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
network
low complexity
debian suse opensuse google canonical CWE-20
6.5
2016-04-18 CVE-2016-1652 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
debian suse opensuse google CWE-79
6.1