Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-23 | CVE-2016-9907 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. | 6.5 |
| 2016-12-16 | CVE-2016-9964 | CRLF Injection vulnerability in multiple products redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | 6.5 |
| 2016-12-13 | CVE-2016-6313 | Information Exposure vulnerability in multiple products The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | 5.3 |
| 2016-12-13 | CVE-2016-7440 | The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. | 5.5 |
| 2016-12-10 | CVE-2016-7421 | Excessive Iteration vulnerability in multiple products The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size. | 4.4 |
| 2016-12-10 | CVE-2016-7170 | Improper Validation of Array Index vulnerability in multiple products The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. | 4.4 |
| 2016-12-10 | CVE-2016-7156 | Incorrect Type Conversion or Cast vulnerability in multiple products The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast. | 4.4 |
| 2016-12-10 | CVE-2016-7155 | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings. | 4.4 |
| 2016-12-10 | CVE-2016-7116 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. | 6.0 |
| 2016-12-10 | CVE-2016-6888 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. | 4.4 |