CVE-2016-1762
- EPSS 6.47%
- Veröffentlicht 24.03.2016 01:59:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-2856
- EPSS 1.08%
- Veröffentlicht 14.03.2016 01:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and befo...
CVE-2015-7560
- EPSS 12.94%
- Veröffentlicht 13.03.2016 22:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then u...
CVE-2016-1286
- EPSS 62.1%
- Veröffentlicht 09.03.2016 23:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-1285
- EPSS 59.14%
- Veröffentlicht 09.03.2016 23:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed...
CVE-2016-2774
- EPSS 73.62%
- Veröffentlicht 09.03.2016 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establis...
CVE-2016-0797
- EPSS 27.02%
- Veröffentlicht 03.03.2016 20:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit stri...
CVE-2016-0702
- EPSS 1.91%
- Veröffentlicht 03.03.2016 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discov...
- EPSS 26.34%
- Veröffentlicht 03.03.2016 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other imp...
CVE-2016-0763
- EPSS 11.3%
- Veröffentlicht 25.02.2016 01:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, wh...