Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-29 | CVE-2016-1981 | Infinite Loop vulnerability in multiple products QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. | 5.5 |
| 2016-12-29 | CVE-2016-1922 | NULL Pointer Dereference vulnerability in multiple products QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. | 5.5 |
| 2016-12-29 | CVE-2015-8745 | Reachable Assertion vulnerability in multiple products QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. | 5.5 |
| 2016-12-29 | CVE-2015-8744 | Improper Input Validation vulnerability in multiple products QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. | 5.5 |
| 2016-12-23 | CVE-2016-9921 | Divide By Zero vulnerability in multiple products Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. | 6.5 |
| 2016-12-23 | CVE-2016-9911 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. | 6.5 |
| 2016-12-23 | CVE-2016-9907 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. | 6.5 |
| 2016-12-16 | CVE-2016-9964 | CRLF Injection vulnerability in multiple products redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | 6.5 |
| 2016-12-13 | CVE-2016-6313 | Information Exposure vulnerability in multiple products The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | 5.3 |
| 2016-12-13 | CVE-2016-7440 | The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. | 5.5 |