CVE-2016-6354
- EPSS 8.77%
- Veröffentlicht 21.09.2016 14:25:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
CVE-2015-8871
- EPSS 2.96%
- Veröffentlicht 21.09.2016 14:25:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
- EPSS 67.73%
- Veröffentlicht 20.09.2016 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow loc...
CVE-2015-8931
- EPSS 2.12%
- Veröffentlicht 20.09.2016 14:15:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefin...
CVE-2015-8932
- EPSS 2.21%
- Veröffentlicht 20.09.2016 14:15:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
CVE-2015-8917
- EPSS 4.3%
- Veröffentlicht 20.09.2016 14:15:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
CVE-2015-8916
- EPSS 3.23%
- Veröffentlicht 20.09.2016 14:15:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar...
CVE-2016-6211
- EPSS 2.53%
- Veröffentlicht 09.09.2016 14:05:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
CVE-2016-7180
- EPSS 2.09%
- Veröffentlicht 09.09.2016 10:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) v...
CVE-2016-7179
- EPSS 2.65%
- Veröffentlicht 09.09.2016 10:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.