Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-08 | CVE-2016-7857 | Use After Free vulnerability in multiple products Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. | 8.8 |
| 2016-11-08 | CVE-2016-7851 | Cross-site Scripting vulnerability in Adobe Connect Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. | 6.1 |
| 2016-11-07 | CVE-2016-9242 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | 8.8 |
| 2016-11-07 | CVE-2016-9111 | Improper Access Control vulnerability in Citrix Receiver Desktop 4.5 Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. | 6.8 |
| 2016-11-04 | CVE-2016-8910 | Infinite Loop vulnerability in multiple products The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | 6.0 |
| 2016-11-04 | CVE-2016-8909 | Infinite Loop vulnerability in multiple products The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. | 6.0 |
| 2016-11-04 | CVE-2016-8870 | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | 8.1 |
| 2016-11-04 | CVE-2016-8869 | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | 9.8 |
| 2016-11-04 | CVE-2016-8669 | Divide By Zero vulnerability in multiple products The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. | 6.0 |
| 2016-11-04 | CVE-2016-8668 | Classic Buffer Overflow vulnerability in multiple products The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. | 6.0 |