CVE-2016-0505
- EPSS 0.92%
- Published 21.01.2016 03:00:53
- Last modified 12.04.2025 10:46:40
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors relat...
CVE-2016-0495
- EPSS 1%
- Published 21.01.2016 03:00:43
- Last modified 12.04.2025 10:46:40
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.
CVE-2015-6831
- EPSS 1.16%
- Published 19.01.2016 05:59:02
- Last modified 12.04.2025 10:46:40
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedLis...
CVE-2015-8605
- EPSS 49.97%
- Published 14.01.2016 22:59:00
- Last modified 12.04.2025 10:46:40
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
CVE-2015-8607
- EPSS 5.66%
- Published 13.01.2016 15:59:01
- Last modified 12.04.2025 10:46:40
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted st...
CVE-2016-1232
- EPSS 0.71%
- Published 12.01.2016 20:59:10
- Last modified 12.04.2025 10:46:40
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.
CVE-2016-1231
- EPSS 0.74%
- Published 12.01.2016 20:59:09
- Last modified 12.04.2025 10:46:40
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.
CVE-2015-1779
- EPSS 5.08%
- Published 12.01.2016 19:59:00
- Last modified 12.04.2025 10:46:40
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
- EPSS 14.19%
- Published 08.01.2016 21:59:02
- Last modified 12.04.2025 10:46:40
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVE-2015-8467
- EPSS 1.75%
- Published 29.12.2015 22:59:07
- Last modified 12.04.2025 10:46:40
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, wh...