Skip to main content
CVE-2016-2312 MEDIUM This Month

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kscreenlocker Plasma Workspace Fedora Leap
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-7968 MEDIUM This Month

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Kmail
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-9911 MEDIUM PATCH This Month

Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Qemu Debian Linux Openstack Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2016-9907 MEDIUM PATCH This Month

Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Qemu Debian Linux Openstack Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2016-9912 MEDIUM PATCH This Month

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Qemu
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9921 MEDIUM PATCH This Month

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux Openstack Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9889 MEDIUM This Month

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-7562 MEDIUM This Month

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-7905 MEDIUM This Month

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-6881 MEDIUM This Month

The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-7555 MEDIUM This Month

The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-7785 MEDIUM This Month

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8595 MEDIUM This Month

The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9561 MEDIUM This Month

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-7122 MEDIUM This Month

The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9923 MEDIUM PATCH This Month

Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Memory Corruption Denial Of Service Use After Free Qemu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2016-6910 MEDIUM This Month

The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-7787 MEDIUM PATCH This Month

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kde Cli Tools Leap Opensuse
NVD
CVSS 3.0
4.9
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy