High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-04-25	CVE-2016-4051	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. network low complexity canonical oracle squid-cache CWE-119	8.8
2016-04-07	CVE-2016-1714	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. local high complexity redhat oracle qemu CWE-119	8.1
2016-03-13	CVE-2016-2802	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity mozilla suse opensuse sil oracle CWE-119	8.8
2016-03-13	CVE-2016-2801	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. network low complexity suse opensuse sil oracle mozilla CWE-119	8.8
2016-03-13	CVE-2016-2800	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. network low complexity mozilla suse opensuse oracle sil CWE-119	8.8
2016-03-13	CVE-2016-2799	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity oracle suse opensuse mozilla sil CWE-119	8.8
2016-03-13	CVE-2016-2798	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity mozilla sil oracle suse opensuse CWE-119	8.8
2016-03-13	CVE-2016-2797	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. network low complexity oracle mozilla suse opensuse sil CWE-119	8.8
2016-03-13	CVE-2016-2796	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. network low complexity sil suse opensuse oracle mozilla CWE-119	8.8
2016-03-13	CVE-2016-2795	Data Processing Errors vulnerability in multiple products The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. network low complexity suse opensuse oracle mozilla sil CWE-19	8.8