Weekly Vulnerabilities Reports > December 26, 2016 to January 1, 2017

Overview

77 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary report vulnerabilities in 36 products from 20 vendors including Vmware, Qemu, Linux, Debian, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "NULL Pointer Dereference", and "Information Exposure".

  • 32 reported vulnerabilities are remotely exploitables.
  • 22 reported vulnerabilities have public exploit available.
  • 22 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 66 reported vulnerabilities are exploitable by an anonymous user.
  • Vmware has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • Shutter Project has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-29 CVE-2016-7456 Vmware Credentials Management vulnerability in VMWare Vsphere Data Protection

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

10.0
2016-12-26 CVE-2016-9223 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Cloudcenter Orchestrator

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system.

10.0
2016-12-29 CVE-2016-10081 Shutter Project Data Processing Errors vulnerability in Shutter-Project Shutter 0.93/0.93.1

/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.

9.3
2016-12-29 CVE-2015-0854 Shutter Project Data Processing Errors vulnerability in Shutter-Project Shutter 0.93/0.93.1

App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-29 CVE-2016-7457 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Vrealize Operations

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

8.0
2017-01-01 CVE-2016-10096 Genixcms SQL Injection vulnerability in Genixcms

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.

7.5
2016-12-31 CVE-2016-9942 Libvncserver Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libvncserver Project Libvncserver 0.9.10

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.

7.5
2016-12-31 CVE-2016-9941 Libvncserver Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libvncserver Project Libvncserver

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.

7.5
2016-12-30 CVE-2016-10074 Swiftmailer Command Injection vulnerability in Swiftmailer

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.

7.5
2016-12-30 CVE-2016-10045 Phpmailer Project Command Injection vulnerability in PHPmailer Project PHPmailer

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP.

7.5
2016-12-30 CVE-2016-10034 Zend Command Injection vulnerability in Zend Zend-Mail and Zend Framework

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.

7.5
2016-12-30 CVE-2016-10033 Phpmailer Project Command Injection vulnerability in PHPmailer Project PHPmailer

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

7.5
2016-12-30 CVE-2016-10082 S9Y Improper Access Control vulnerability in S9Y Serendipity

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.

7.5
2016-12-29 CVE-2016-9877 Pivotal Software Improper Access Control vulnerability in Pivotal Software Rabbitmq

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7.

7.5
2016-12-29 CVE-2016-7462 Vmware Exposed Dangerous Method OR Function vulnerability in VMWare Vrealize Operations

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

7.5
2016-12-29 CVE-2016-7461 Vmware
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.

7.2
2016-12-29 CVE-2016-7086 Vmware
Microsoft
Permissions, Privileges, and Access Controls vulnerability in VMWare Workstation Player and Workstation PRO

The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.

7.2
2016-12-29 CVE-2016-7085 Vmware
Microsoft
Untrusted Search Path vulnerability in VMWare Workstation Player and Workstation PRO

Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

7.2
2016-12-29 CVE-2016-2246 HP Permissions, Privileges, and Access Controls vulnerability in HP Thinpro

HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.

7.2
2016-12-28 CVE-2016-9806 Linux Race Condition vulnerability in Linux Kernel

Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.

7.2
2016-12-28 CVE-2016-9794 Linux USE After Free vulnerability in Linux Kernel

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.

7.2
2016-12-28 CVE-2016-9793 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.

7.2
2016-12-28 CVE-2016-9576 Linux USE After Free vulnerability in Linux Kernel

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.

7.2
2016-12-28 CVE-2012-6704 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.

7.2

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-30 CVE-2016-10088 Linux USE After Free vulnerability in Linux Kernel

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.

6.9
2016-12-29 CVE-2016-7084 Vmware
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO

tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.

6.9
2016-12-29 CVE-2016-7081 Vmware
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO

Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.

6.9
2016-12-28 CVE-2016-9777 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.

6.9
2016-12-28 CVE-2016-6787 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224.

6.9
2016-12-28 CVE-2016-6786 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111.

6.9
2016-12-27 CVE-2016-10072 Wampserver Permissions, Privileges, and Access Controls vulnerability in Wampserver 3.0.6

** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify.

6.9
2016-12-27 CVE-2016-10031 Wampserver Permissions, Privileges, and Access Controls vulnerability in Wampserver 3.0.6

** DISPUTED ** WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges.

6.9
2016-12-30 CVE-2016-10085 Piwigo Improper Access Control vulnerability in Piwigo

admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.

6.5
2016-12-30 CVE-2016-10084 Piwigo Improper Access Control vulnerability in Piwigo

admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).

6.5
2016-12-26 CVE-2016-9217 Cisco Improper Authorization vulnerability in Cisco Intercloud Fabric 2.2.1Base/2.3.1Base/3.1.1Base

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products.

6.5
2016-12-29 CVE-2016-7460 Vmware XXE vulnerability in VMWare Vrealize Automation

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

6.4
2016-12-26 CVE-2016-9224 Cisco Improper Input Validation vulnerability in Cisco Jabber Guest

A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts.

6.4
2016-12-29 CVE-2016-7083 Vmware
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.

5.9
2016-12-29 CVE-2016-7082 Vmware
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.

5.9
2016-12-29 CVE-2016-9878 Pivotal Software Path Traversal vulnerability in Pivotal Software Spring Framework

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5.

5.0
2016-12-29 CVE-2016-7458 Vmware XXE vulnerability in VMWare Vsphere Client 5.5/6.0

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2016-12-29 CVE-2016-7087 Vmware
Microsoft
Path Traversal vulnerability in VMWare Horizon View

Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2016-12-29 CVE-2016-5334 Vmware Improper Access Control vulnerability in VMWare Identity Manger and Vrealize Automation

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

5.0
2016-12-29 CVE-2016-9916 Qemu
Debian
Memory Leak vulnerability in multiple products

Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.

4.9
2016-12-29 CVE-2016-9915 Qemu
Debian
Memory Leak vulnerability in multiple products

Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.

4.9
2016-12-29 CVE-2016-9914 Qemu
Debian
Memory Leak vulnerability in multiple products

Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.

4.9
2016-12-29 CVE-2016-9913 Qemu Memory Leak vulnerability in Qemu

Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.

4.9
2016-12-29 CVE-2016-9846 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue.

4.9
2016-12-28 CVE-2016-9685 Linux Resource Exhaustion vulnerability in Linux Kernel

Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.

4.9
2016-12-28 CVE-2016-6213 Linux Resource Exhaustion vulnerability in Linux Kernel

fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.

4.7
2016-12-29 CVE-2016-7080 Vmware
Apple
Null Pointer Dereference vulnerability in VMWare Tools

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.

4.6
2016-12-29 CVE-2016-7079 Vmware
Apple
Null Pointer Dereference vulnerability in VMWare Tools

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.

4.6
2016-12-28 CVE-2016-9755 Linux Out-Of-Bounds Write vulnerability in Linux Kernel

The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.

4.6
2016-12-31 CVE-2016-6856 SAP Cross-Site Scripting vulnerability in SAP Hybris

Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.

4.3
2016-12-30 CVE-2016-10083 Piwigo Cross-Site Scripting vulnerability in Piwigo

Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.

4.3
2016-12-31 CVE-2016-6859 SAP Information Exposure vulnerability in SAP Hybris

Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace.

4.0
2016-12-29 CVE-2016-7459 Vmware XXE vulnerability in VMWare Vcenter Server 5.0/5.5/6.0

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.0

20 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-12-29 CVE-2015-8743 Qemu
Debian
Out-Of-Bounds Read vulnerability in multiple products

QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue.

3.6
2016-12-31 CVE-2016-6858 SAP Cross-Site Scripting vulnerability in SAP Hybris

Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field.

3.5
2016-12-31 CVE-2016-6857 SAP Cross-Site Scripting vulnerability in SAP Hybris

Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.

3.5
2016-12-29 CVE-2016-9891 Dotclear Cross-Site Scripting vulnerability in Dotclear

Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).

3.5
2016-12-29 CVE-2016-7463 Vmware Cross-Site Scripting vulnerability in VMWare Esxi 5.5/6.0

Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.

3.5
2016-12-29 CVE-2016-9845 Qemu Information Exposure vulnerability in Qemu

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue.

2.1
2016-12-29 CVE-2016-9776 Qemu
Debian
Infinite Loop vulnerability in multiple products

QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue.

2.1
2016-12-29 CVE-2016-2198 Qemu
Debian
Null Pointer Dereference vulnerability in multiple products

QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw.

2.1
2016-12-29 CVE-2016-2197 Qemu Null Pointer Dereference vulnerability in Qemu

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw.

2.1
2016-12-29 CVE-2016-1981 Qemu
Debian
Infinite Loop vulnerability in multiple products

QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue.

2.1
2016-12-29 CVE-2016-1922 Qemu
Debian
Null Pointer Dereference vulnerability in multiple products

QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw.

2.1
2016-12-29 CVE-2015-8818 Qemu Unspecified vulnerability in Qemu

The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.

2.1
2016-12-29 CVE-2015-8817 Qemu Out-Of-Bounds Read vulnerability in Qemu

QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue.

2.1
2016-12-29 CVE-2015-8745 Qemu
Debian
Reachable Assertion vulnerability in multiple products

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue.

2.1
2016-12-29 CVE-2015-8744 Qemu
Debian
Improper Input Validation vulnerability in multiple products

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue.

2.1
2016-12-29 CVE-2015-8701 Qemu Off-By-One Error vulnerability in Qemu

QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error.

2.1
2016-12-29 CVE-2016-5329 Vmware
Apple
Information Exposure vulnerability in VMWare Fusion

VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.

2.1
2016-12-29 CVE-2016-5328 Vmware
Apple
Information Exposure vulnerability in VMWare Tools

VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.

2.1
2016-12-28 CVE-2016-9756 Linux Information Exposure vulnerability in Linux Kernel

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

2.1
2016-12-28 CVE-2016-9588 Linux 7PK - Errors vulnerability in Linux Kernel

arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.

2.1