The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
Max CVSS
4.9
EPSS Score
0.06%
Published
2016-10-05
Updated
2020-11-10
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
Max CVSS
4.4
EPSS Score
0.06%
Published
2016-10-05
Updated
2023-02-12
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
Max CVSS
5.5
EPSS Score
1.05%
Published
2016-10-07
Updated
2016-10-11
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-10-03
Updated
2018-01-05
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
Max CVSS
10.0
EPSS Score
1.16%
Published
2016-10-05
Updated
2020-11-16
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
Max CVSS
10.0
EPSS Score
3.81%
Published
2016-10-10
Updated
2023-01-19
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
Max CVSS
4.4
EPSS Score
0.15%
Published
2016-10-25
Updated
2022-10-27
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
Max CVSS
9.8
EPSS Score
4.52%
Published
2016-10-03
Updated
2023-09-15
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
Max CVSS
7.5
EPSS Score
1.87%
Published
2016-10-05
Updated
2017-11-13
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
Max CVSS
9.3
EPSS Score
3.06%
Published
2016-10-03
Updated
2024-03-15
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
Max CVSS
9.8
EPSS Score
6.63%
Published
2016-10-03
Updated
2024-03-15
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!