CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
Source: CVE-2016-5639
[월:] 2016년 08월
CVE-2016-4833 (nofollow_links)
CVE-2016-4833 (nofollow_links)
Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: CVE-2016-4833 (nofollow_links)
CVE-2016-4833
CVE-2016-4833
Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: CVE-2016-4833
CVE-2016-6259 (xen, xenserver)
CVE-2016-6259 (xen, xenserver)
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
Source: CVE-2016-6259 (xen, xenserver)
CVE-2016-6259
CVE-2016-6259
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
Source: CVE-2016-6259
CVE-2016-6258 (xen, xenserver)
CVE-2016-6258 (xen, xenserver)
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Source: CVE-2016-6258 (xen, xenserver)
CVE-2016-6258
CVE-2016-6258
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Source: CVE-2016-6258
CVE-2016-6232 (karchives, ubuntu_linux)
CVE-2016-6232 (karchives, ubuntu_linux)
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
CVE-2016-6232
CVE-2016-6232
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
Source: CVE-2016-6232
CVE-2016-6193 (p8_smartphone_firmware)
CVE-2016-6193 (p8_smartphone_firmware)
Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192.