CVE-2016-4020
- EPSS 0.37%
- Veröffentlicht 25.05.2016 15:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2016-3627
- EPSS 7.03%
- Veröffentlicht 17.05.2016 14:08:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...
CVE-2015-3152
- EPSS 7.08%
- Veröffentlicht 16.05.2016 10:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade at...
CVE-2016-3718
- EPSS 76.9%
- Veröffentlicht 05.05.2016 18:59:08
- Zuletzt bearbeitet 22.04.2026 14:35:42
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3715
- EPSS 75.38%
- Veröffentlicht 05.05.2016 18:59:04
- Zuletzt bearbeitet 22.04.2026 14:35:10
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
- EPSS 92.33%
- Veröffentlicht 21.04.2016 11:00:21
- Zuletzt bearbeitet 22.04.2026 13:41:41
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-0651
- EPSS 1.23%
- Veröffentlicht 21.04.2016 10:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
CVE-2016-0642
- EPSS 1.18%
- Veröffentlicht 21.04.2016 10:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
CVE-2016-2857
- EPSS 0.56%
- Veröffentlicht 12.04.2016 02:00:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-1646
- EPSS 48.11%
- Veröffentlicht 29.03.2016 10:59:00
- Zuletzt bearbeitet 21.04.2026 17:50:52
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or po...