CVE-2016-3705
- EPSS 5.1%
- Veröffentlicht 17.05.2016 14:08:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and applic...
CVE-2016-3627
- EPSS 7.03%
- Veröffentlicht 17.05.2016 14:08:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML doc...
CVE-2016-1669
- EPSS 4.23%
- Veröffentlicht 14.05.2016 21:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer ...
CVE-2016-1578
- EPSS 3.05%
- Veröffentlicht 13.05.2016 14:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.
CVE-2016-3712
- EPSS 0.51%
- Veröffentlicht 11.05.2016 21:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710
- EPSS 0.92%
- Veröffentlicht 11.05.2016 21:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port...
CVE-2016-4556
- EPSS 23.11%
- Veröffentlicht 10.05.2016 19:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
CVE-2016-4555
- EPSS 53.92%
- Veröffentlicht 10.05.2016 19:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2016-4554
- EPSS 38.89%
- Veröffentlicht 10.05.2016 19:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
CVE-2016-4553
- EPSS 79.97%
- Veröffentlicht 10.05.2016 19:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.