CVE-2016-5300
- EPSS 6.54%
- Veröffentlicht 16.06.2016 18:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists beca...
CVE-2016-3062
- EPSS 4.05%
- Veröffentlicht 16.06.2016 18:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
- EPSS 0.4%
- Veröffentlicht 16.06.2016 18:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
CVE-2012-6702
- EPSS 2.37%
- Veröffentlicht 16.06.2016 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CVE-2016-5338
- EPSS 0.5%
- Veröffentlicht 14.06.2016 14:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information tran...
CVE-2016-5337
- EPSS 0.43%
- Veröffentlicht 14.06.2016 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
CVE-2016-5238
- EPSS 0.42%
- Veröffentlicht 14.06.2016 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVE-2016-4478
- EPSS 2.27%
- Veröffentlicht 13.06.2016 19:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
CVE-2016-3698
- EPSS 3.81%
- Veröffentlicht 13.06.2016 19:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity d...
CVE-2016-2831
- EPSS 1.35%
- Veröffentlicht 13.06.2016 10:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing att...