Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-29 CVE-2016-1981 Infinite Loop vulnerability in multiple products
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue.
local
low complexity
qemu debian CWE-835
5.5
2016-12-29 CVE-2016-1922 NULL Pointer Dereference vulnerability in multiple products
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw.
local
low complexity
qemu debian CWE-476
5.5
2016-12-29 CVE-2015-8818 Unspecified vulnerability in QEMU
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
local
low complexity
qemu
5.5
2016-12-29 CVE-2015-8817 Out-of-bounds Write vulnerability in QEMU
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an out-of-bounds (OOB) read/write access issue.
local
low complexity
qemu CWE-787
5.5
2016-12-29 CVE-2015-8745 Reachable Assertion vulnerability in multiple products
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue.
local
low complexity
qemu debian CWE-617
5.5
2016-12-29 CVE-2015-8744 Improper Input Validation vulnerability in multiple products
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue.
local
low complexity
qemu debian CWE-20
5.5
2016-12-29 CVE-2015-8701 Off-by-one Error vulnerability in QEMU
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error.
local
low complexity
qemu CWE-193
6.5
2016-12-29 CVE-2016-9891 Cross-site Scripting vulnerability in Dotclear
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
network
low complexity
dotclear CWE-79
5.4
2016-12-29 CVE-2016-7463 Cross-site Scripting vulnerability in VMware ESXi 5.5/6.0
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.
network
low complexity
vmware CWE-79
5.4
2016-12-29 CVE-2016-7458 XXE vulnerability in VMware vSphere Client 5.5/6.0
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
vmware CWE-611
5.8