CVE-2016-9108
- EPSS 2.8%
- Veröffentlicht 03.02.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.
CVE-2015-7977
- EPSS 6.35%
- Veröffentlicht 30.01.2017 21:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
CVE-2016-9446
- EPSS 3.57%
- Veröffentlicht 23.01.2017 21:59:03
- Zuletzt bearbeitet 13.05.2026 00:24:29
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVE-2015-8854
- EPSS 4.33%
- Veröffentlicht 23.01.2017 21:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (...
CVE-2016-7543
- EPSS 0.58%
- Veröffentlicht 19.01.2017 20:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVE-2016-7545
- EPSS 0.38%
- Veröffentlicht 19.01.2017 20:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2016-9811
- EPSS 2.36%
- Veröffentlicht 13.01.2017 16:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
CVE-2016-2090
- EPSS 3.22%
- Veröffentlicht 13.01.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
CVE-2016-10027
- EPSS 1.52%
- Veröffentlicht 12.01.2017 23:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "s...
CVE-2016-9299
- EPSS 96.94%
- Veröffentlicht 12.01.2017 23:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.