2.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-11	CVE-2016-3710	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. local low complexity debian hp canonical qemu oracle citrix redhat CWE-119	7.2
2016-05-05	CVE-2016-2107	Information Exposure vulnerability in multiple products The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. network high complexity redhat opensuse openssl google hp nodejs debian canonical CWE-200	5.9
2016-02-18	CVE-2015-7547	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. network high complexity debian canonical hp sophos suse opensuse oracle f5 redhat gnu CWE-119	8.1