Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-05	CVE-2016-3718	Server-Side Request Forgery (SSRF) vulnerability in multiple products The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse CWE-918	5.5
2016-05-05	CVE-2016-3715	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. local low complexity redhat imagemagick canonical oracle suse opensuse	5.5
2016-04-27	CVE-2016-2782	NULL Pointer Dereference vulnerability in multiple products The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. local low complexity linux suse CWE-476	4.9
2016-04-21	CVE-2016-0642	Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. network oracle suse opensuse redhat mariadb debian canonical	4.3
2016-04-19	CVE-2015-8776	Numeric Errors vulnerability in multiple products The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. network low complexity suse opensuse canonical debian fedoraproject gnu CWE-189	6.4
2016-04-13	CVE-2016-3069	Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. network mercurial debian suse opensuse fedoraproject redhat CWE-20	6.8
2016-04-13	CVE-2016-3068	Improper Input Validation vulnerability in multiple products Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. network debian mercurial fedoraproject redhat suse opensuse CWE-20	6.8
2016-03-09	CVE-2016-1285	named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. network high complexity isc suse opensuse fedoraproject canonical debian juniper	6.8
2009-07-22	CVE-2009-2472	Cross-Site Scripting vulnerability in multiple products Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." network mozilla fedoraproject suse opensuse CWE-79	4.3