- EPSS 83.52%
- Veröffentlicht 10.11.2016 21:59:00
- Zuletzt bearbeitet 21.04.2026 17:43:46
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in Oc...
CVE-2016-7425
- EPSS 0.43%
- Veröffentlicht 16.10.2016 21:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow)...
CVE-2016-7795
- EPSS 0.63%
- Veröffentlicht 13.10.2016 14:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
- EPSS 24.3%
- Veröffentlicht 10.10.2016 11:00:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2016-7401
- EPSS 6.13%
- Veröffentlicht 03.10.2016 18:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
CVE-2016-6352
- EPSS 3.86%
- Veröffentlicht 03.10.2016 18:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVE-2016-1372
- EPSS 1.61%
- Veröffentlicht 03.10.2016 18:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
CVE-2016-1371
- EPSS 1.64%
- Veröffentlicht 03.10.2016 18:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
CVE-2016-5180
- EPSS 8.58%
- Veröffentlicht 03.10.2016 15:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
CVE-2016-7045
- EPSS 4.71%
- Veröffentlicht 27.09.2016 15:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.