CVE-2016-1286
- EPSS 62.1%
- Veröffentlicht 09.03.2016 23:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
CVE-2016-1285
- EPSS 59.14%
- Veröffentlicht 09.03.2016 23:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed...
CVE-2016-2316
- EPSS 4.97%
- Veröffentlicht 22.02.2016 15:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245,...
CVE-2016-0725
- EPSS 1.57%
- Veröffentlicht 22.02.2016 05:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or H...
CVE-2016-0724
- EPSS 1.94%
- Veröffentlicht 22.02.2016 05:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhid...
CVE-2016-2045
- EPSS 1.53%
- Veröffentlicht 20.02.2016 01:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
CVE-2016-2044
- EPSS 2.03%
- Veröffentlicht 20.02.2016 01:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-2043
- EPSS 1.27%
- Veröffentlicht 20.02.2016 01:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the ...
CVE-2016-2042
- EPSS 2.38%
- Veröffentlicht 20.02.2016 01:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path ...
CVE-2016-2041
- EPSS 2.65%
- Veröffentlicht 20.02.2016 01:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restri...