Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-11-08 CVE-2016-7862 Use After Free vulnerability in multiple products
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability.
network
low complexity
adobe redhat CWE-416
8.8
8.8
2016-11-08 CVE-2016-7861 Incorrect Type Conversion or Cast vulnerability in multiple products
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability.
network
low complexity
adobe redhat CWE-704
8.8
8.8
2016-11-08 CVE-2016-7860 Incorrect Type Conversion or Cast vulnerability in multiple products
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability.
network
low complexity
adobe redhat CWE-704
8.8
8.8
2016-11-08 CVE-2016-7859 Use After Free vulnerability in multiple products
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability.
network
low complexity
adobe redhat CWE-416
8.8
8.8
2016-11-08 CVE-2016-7858 Use After Free vulnerability in multiple products
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability.
network
low complexity
adobe redhat CWE-416
8.8
8.8
2016-11-08 CVE-2016-7857 Use After Free vulnerability in multiple products
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability.
network
low complexity
adobe redhat CWE-416
8.8
8.8
2016-11-08 CVE-2016-7851 Cross-site Scripting vulnerability in Adobe Connect
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module.
network
low complexity
adobe CWE-79
6.1
6.1
2016-11-07 CVE-2016-9242 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
network
low complexity
exponentcms CWE-89
8.8
8.8
2016-11-07 CVE-2016-9111 Improper Access Control vulnerability in Citrix Receiver Desktop 4.5
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable.
low complexity
citrix CWE-284
6.8
6.8
2016-11-04 CVE-2016-8910 Infinite Loop vulnerability in multiple products
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
local
low complexity
qemu debian opensuse redhat CWE-835
6.0
6.0