Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-28 CVE-2016-9756 Information Exposure vulnerability in Linux Kernel
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
local
low complexity
linux CWE-200
5.5
2016-12-28 CVE-2016-9685 Resource Exhaustion vulnerability in Linux Kernel
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
local
low complexity
linux CWE-400
5.5
2016-12-28 CVE-2016-9588 7PK - Errors vulnerability in Linux Kernel
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
local
low complexity
linux CWE-388
5.5
2016-12-28 CVE-2016-6213 Resource Exhaustion vulnerability in Linux Kernel
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
local
high complexity
linux CWE-400
4.7
2016-12-26 CVE-2016-9224 Improper Input Validation vulnerability in Cisco Jabber Guest
A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts.
network
low complexity
cisco CWE-20
6.5
2016-12-25 CVE-2016-9681 Cross-site Scripting vulnerability in S9Y Serendipity
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
network
low complexity
s9y CWE-79
5.4
2016-12-24 CVE-2016-10006 Cross-site Scripting vulnerability in Antisamy Project Antisamy
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code.
network
low complexity
antisamy-project CWE-79
6.1
2016-12-23 CVE-2016-9923 Use After Free vulnerability in Qemu
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue.
local
low complexity
qemu CWE-416
5.5
2016-12-23 CVE-2016-9921 Divide By Zero vulnerability in multiple products
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue.
local
low complexity
qemu debian redhat CWE-369
6.5
2016-12-23 CVE-2016-9912 Missing Release of Resource after Effective Lifetime vulnerability in Qemu
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue.
local
low complexity
qemu CWE-772
6.5