Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-11	CVE-2016-3712	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. local low complexity oracle qemu canonical debian redhat citrix CWE-190	5.5
2016-05-10	CVE-2016-4556	Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. network low complexity squid-cache oracle canonical	5.0
2016-05-10	CVE-2016-4555	Improper Input Validation vulnerability in multiple products client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. network low complexity squid-cache canonical oracle CWE-20	5.0
2016-05-10	CVE-2016-4554	Insufficient Verification of Data Authenticity vulnerability in multiple products mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. network low complexity oracle squid-cache canonical CWE-345	5.0
2016-05-10	CVE-2016-4553	Insufficient Verification of Data Authenticity vulnerability in multiple products client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. network low complexity canonical squid-cache oracle CWE-345	5.0
2016-05-09	CVE-2016-4476	Improper Input Validation vulnerability in multiple products hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. network low complexity w1-fi canonical CWE-20	5.0
2016-05-05	CVE-2016-4008	Resource Management Errors vulnerability in multiple products The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. network high complexity canonical opensuse gnu fedoraproject CWE-399	5.9
2016-05-05	CVE-2016-3718	Server-Side Request Forgery (SSRF) vulnerability in multiple products The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse CWE-918	5.5
2016-05-05	CVE-2016-3717	Information Exposure vulnerability in multiple products The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. local low complexity canonical redhat imagemagick CWE-200	5.5
2016-05-05	CVE-2016-3715	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse	5.5