Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-01 | CVE-2016-10095 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7 Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | 5.5 |
| 2017-02-28 | CVE-2016-9261 | Cross-site Scripting vulnerability in Tenable LOG Correlation Engine 4.8.0 Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-02-28 | CVE-2016-9259 | Cross-site Scripting vulnerability in Tenable Nessus Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-02-27 | CVE-2016-9818 | Improper Access Control vulnerability in XEN 4.7.0/4.7.1 Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | 6.5 |
| 2017-02-27 | CVE-2016-9817 | Improper Access Control vulnerability in XEN 4.7.0/4.7.1 Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | 6.5 |
| 2017-02-27 | CVE-2016-9816 | Improper Access Control vulnerability in XEN 4.7.0/4.7.1 Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | 6.5 |
| 2017-02-27 | CVE-2016-9815 | Improper Access Control vulnerability in XEN 4.7.0/4.7.1 Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | 6.5 |
| 2017-02-27 | CVE-2016-5240 | Improper Input Validation vulnerability in Graphicsmagick The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. | 5.5 |
| 2017-02-27 | CVE-2016-10029 | Out-of-bounds Read vulnerability in Qemu The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. | 5.5 |
| 2017-02-27 | CVE-2016-10028 | Out-of-bounds Read vulnerability in Qemu The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. | 5.5 |