CVE-2016-3492
- EPSS 1.06%
- Published 25.10.2016 14:29:10
- Last modified 12.04.2025 10:46:40
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-7163
- EPSS 0.34%
- Published 21.09.2016 14:25:28
- Last modified 12.04.2025 10:46:40
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
CVE-2016-2775
- EPSS 33.5%
- Published 19.07.2016 22:59:00
- Last modified 12.04.2025 10:46:40
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight reso...
CVE-2016-5387
- EPSS 77.27%
- Published 19.07.2016 02:00:19
- Last modified 12.04.2025 10:46:40
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app...
CVE-2016-5126
- EPSS 0.26%
- Published 01.06.2016 22:59:08
- Last modified 12.04.2025 10:46:40
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
CVE-2016-4020
- EPSS 0.09%
- Published 25.05.2016 15:59:04
- Last modified 12.04.2025 10:46:40
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2016-3627
- EPSS 0.16%
- Published 17.05.2016 14:08:02
- Last modified 04.12.2025 17:15:48
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...
CVE-2015-3152
- EPSS 51.67%
- Published 16.05.2016 10:59:01
- Last modified 12.04.2025 10:46:40
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade at...
CVE-2016-3718
- EPSS 79.25%
- Published 05.05.2016 18:59:08
- Last modified 22.10.2025 00:15:52
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3715
- EPSS 79.8%
- Published 05.05.2016 18:59:04
- Last modified 22.10.2025 00:15:51
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.