|
267451
|
6.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2016-9914
|
2024-11-21 12:02 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267452
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2016-9913
|
2024-11-21 12:02 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267453
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could…
|
CWE-416
Use After Free
|
CVE-2016-9923
|
2024-11-21 12:02 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267454
|
6.5 |
MEDIUM
Local
|
qemu
debian
redhat
|
qemu
debian_linux
openstack
virtualization
|
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. …
|
CWE-369
Divide By Zero
|
CVE-2016-9921
|
2024-11-21 12:02 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267455
|
6.1 |
MEDIUM
Network
|
spip
|
spip
|
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
|
CWE-79
Cross-site Scripting
|
CVE-2016-9998
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267456
|
6.1 |
MEDIUM
Network
|
spip
|
spip
|
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
|
CWE-79
Cross-site Scripting
|
CVE-2016-9997
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267457
|
6.5 |
MEDIUM
Network
|
apport_project
|
apport
|
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click…
|
CWE-284
Improper Access Control
|
CVE-2016-9951
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267458
|
7.8 |
HIGH
Local
|
apport_project
canonical
|
apport
ubuntu_linux
|
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package sp…
|
CWE-22
Path Traversal
|
CVE-2016-9950
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267459
|
7.8 |
HIGH
Local
|
apport_project
canonical
|
apport
ubuntu_linux
|
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers t…
|
CWE-94
Code Injection
|
CVE-2016-9949
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267460
|
9.8 |
CRITICAL
Network
|
samsung
|
samsung_mobile
|
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re…
|
CWE-388
7PK - Errors
|
CVE-2016-9967
|
2024-11-21 12:02 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
