High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-04-12	CVE-2016-2857	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. local low complexity qemu canonical debian redhat CWE-119	8.4
2016-04-12	CVE-2016-1568	Use After Free vulnerability in multiple products Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. local low complexity qemu redhat debian CWE-416	8.8
2016-04-11	CVE-2016-1235	Permissions, Privileges, and Access Controls vulnerability in multiple products The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. network low complexity oar-project debian CWE-264	8.8
2016-04-11	CVE-2012-6700	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response. network low complexity debian dhcpcd-project CWE-119	7.5
2016-04-11	CVE-2012-6699	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response. network low complexity debian dhcpcd-project CWE-119	7.5
2016-04-11	CVE-2012-6698	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response. network low complexity debian dhcpcd-project CWE-119	7.5
2016-04-08	CVE-2016-2381	Improper Input Validation vulnerability in multiple products Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. network low complexity perl debian oracle opensuse canonical CWE-20	7.5
2016-04-07	CVE-2016-2098	Improper Input Validation vulnerability in multiple products Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. network low complexity debian rubyonrails CWE-20	7.3
2016-04-07	CVE-2016-2510	Data Processing Errors vulnerability in multiple products BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. network high complexity beanshell debian canonical CWE-19	8.1
2016-03-30	CVE-2015-8837	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. local low complexity fuseiso-project debian fedoraproject CWE-119	7.3