CVE-2021-45105
- EPSS 65.66%
- Published 18.12.2021 12:15:07
- Last modified 21.11.2024 06:31:58
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service wh...
CVE-2016-2518
- EPSS 1.47%
- Published 30.01.2017 21:59:01
- Last modified 20.04.2025 01:37:25
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVE-2016-5387
- EPSS 77.5%
- Published 19.07.2016 02:00:19
- Last modified 12.04.2025 10:46:40
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app...
CVE-2016-5385
- EPSS 84.16%
- Published 19.07.2016 02:00:17
- Last modified 12.04.2025 10:46:40
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attacker...
- EPSS 85.45%
- Published 28.01.2015 19:59:00
- Last modified 12.04.2025 10:46:40
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu...
CVE-2014-2532
- EPSS 0.36%
- Published 18.03.2014 05:18:19
- Last modified 12.04.2025 10:46:40
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.