Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-08 | CVE-2016-9920 | Improper Access Control vulnerability in Roundcube Webmail. steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. | 6.0 |
2016-12-08 | CVE-2016-8103 | Permissions, Privileges, and Access Controls vulnerability in Intel products. SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform. | 6.8 |
2016-12-08 | CVE-2016-9918 | Out-of-bounds Read vulnerability in Bluez Project Bluez 5.42. In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. | 5.0 |
2016-12-08 | CVE-2016-9917 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42. In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. | 5.0 |
2016-12-08 | CVE-2016-9888 | NULL Pointer Dereference vulnerability in Gnome Libgsf. An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. | 4.3 |
2016-12-06 | CVE-2015-8870 | Improper Input Validation vulnerability in Libtiff. Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. | 5.8 |
2016-12-05 | CVE-2016-9152 | Cross-site Scripting vulnerability in Spip 3.1.3. Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter. | 4.3 |
2016-12-05 | CVE-2016-7171 | Improper Certificate Validation vulnerability in Netapp Plug-In. NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | 6.8 |
2016-12-03 | CVE-2016-9804 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42. In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. | 5.0 |
2016-12-03 | CVE-2016-9803 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42. In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. | 5.0 |