Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-30 | CVE-2016-2932 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | 5.0 |
| 2016-11-30 | CVE-2016-2931 | Information Exposure vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 5.0 |
| 2016-11-29 | CVE-2016-9480 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libdwarf Project Libdwarf 20161021 libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. | 6.4 |
| 2016-11-29 | CVE-2016-8224 | Cryptographic Issues vulnerability in Lenovo products A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. | 4.6 |
| 2016-11-29 | CVE-2016-1251 | Use After Free vulnerability in Dbd-Mysql Project Dbd-Mysql There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. | 6.8 |
| 2016-11-29 | CVE-2016-5765 | Information Exposure vulnerability in Microfocus products Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. | 6.5 |
| 2016-11-29 | CVE-2016-5393 | Improper Access Control vulnerability in Apache Hadoop In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | 6.5 |
| 2016-11-28 | CVE-2016-9191 | Improper Input Validation vulnerability in Linux Kernel The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. | 4.9 |
| 2016-11-28 | CVE-2016-9084 | Integer Overflow or Wraparound vulnerability in Linux Kernel drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. | 4.6 |
| 2016-11-28 | CVE-2016-8650 | Resource Management Errors vulnerability in Linux Kernel The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | 5.5 |