CVE-2016-4429
- EPSS 3.92%
- Veröffentlicht 10.06.2016 15:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UD...
CVE-2016-4449
- EPSS 1.66%
- Veröffentlicht 09.06.2016 16:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con...
CVE-2016-4447
- EPSS 13.98%
- Veröffentlicht 09.06.2016 16:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-1582
- EPSS 0.35%
- Veröffentlicht 09.06.2016 16:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
CVE-2016-1581
- EPSS 0.3%
- Veröffentlicht 09.06.2016 16:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
CVE-2016-4450
- EPSS 16.38%
- Veröffentlicht 07.06.2016 14:06:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary...
CVE-2015-5261
- EPSS 0.49%
- Veröffentlicht 07.06.2016 14:06:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
CVE-2015-5260
- EPSS 0.58%
- Veröffentlicht 07.06.2016 14:06:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter...
CVE-2016-1703
- EPSS 1.15%
- Veröffentlicht 05.06.2016 23:59:33
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1702
- EPSS 1.23%
- Veröffentlicht 05.06.2016 23:59:32
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serial...