Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-09 | CVE-2016-9101 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. | 6.0 |
| 2016-12-09 | CVE-2016-6523 | Cross-site Scripting vulnerability in Dotclear Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php. | 6.1 |
| 2016-12-09 | CVE-2015-8786 | Resource Management Errors vulnerability in multiple products The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter. | 6.5 |
| 2016-12-08 | CVE-2016-8104 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Proset/Wireless Software and Drivers 19.20.0 Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service. | 5.5 |
| 2016-12-08 | CVE-2016-8103 | Permissions, Privileges, and Access Controls vulnerability in Intel products SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform. | 6.7 |
| 2016-12-08 | CVE-2016-9888 | NULL Pointer Dereference vulnerability in Gnome Libgsf An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. | 5.5 |
| 2016-12-06 | CVE-2016-5341 | Improper Access Control vulnerability in Google Android The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554). | 5.9 |
| 2016-12-05 | CVE-2016-9152 | Cross-site Scripting vulnerability in Spip 3.1.3 Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter. | 6.1 |
| 2016-12-05 | CVE-2016-7171 | Improper Certificate Validation vulnerability in Netapp Plug-In 2.0 NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | 5.6 |
| 2016-12-03 | CVE-2016-9804 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42 In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. | 5.3 |