CVE-2016-4574
- EPSS 2.76%
- Veröffentlicht 13.06.2016 19:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of a...
CVE-2016-4356
- EPSS 2.93%
- Veröffentlicht 13.06.2016 19:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
CVE-2016-4355
- EPSS 1.87%
- Veröffentlicht 13.06.2016 19:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
CVE-2016-4354
- EPSS 1.87%
- Veröffentlicht 13.06.2016 19:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
CVE-2016-4353
- EPSS 2.15%
- Veröffentlicht 13.06.2016 19:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.
CVE-2016-3698
- EPSS 3.81%
- Veröffentlicht 13.06.2016 19:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity d...
CVE-2016-5104
- EPSS 2.99%
- Veröffentlicht 13.06.2016 14:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
CVE-2016-2834
- EPSS 3.38%
- Veröffentlicht 13.06.2016 10:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2833
- EPSS 1.37%
- Veröffentlicht 13.06.2016 10:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
CVE-2016-2832
- EPSS 1.49%
- Veröffentlicht 13.06.2016 10:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.