+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
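Review bot: The two icu:52.1-8+deb8u3 rows above (CVE-2016-0494 and CVE-2015-4844) carry descriptions that mention only Oracle Java SE and "vectors related to 2D", so nothing in the row explains why the icu package is flagged. Add a column or link to the distribution advisory that maps each CVE to the package, so a reader can confirm the match is intended before triaging it as High.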
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
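Review bot: The same CVE and package pairs are listed once per sha256 digest, for example CVE-2015-7182 against nss:2:3.17.2-1.1+deb8u2 earlier in this hunk and again directly below under a different digest. Consider emitting each finding once with the list of digests it applies to, or keeping the generated report out of the commit, so that a review of this diff shows which findings are actually new.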
+ CVE-2015-7182 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-7181 |
+ High |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0728 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2013-7445 |
+ High |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-5600 |
+ High |
+ openssh:1:6.7p1-5 |
+ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-0494 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-4844 |
+ High |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-2059 |
+ High |
+ libidn:1.29-1 |
+ The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-0799 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-0798 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-0705 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-2842 |
+ High |
+ openssl:1.0.1k-3+deb8u2 |
+ The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8805 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8804 |
+ High |
+ nettle:2.7.1-5 |
+ x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8803 |
+ High |
+ nettle:2.7.1-5 |
+ The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8607 |
+ High |
+ perl:5.20.2-3+deb8u1 |
+ The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-5277 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2016-2856 |
+ High |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8391 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8395 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8386 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-2328 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8380 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8390 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8381 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8394 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8387 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8392 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2016-3191 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8389 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8383 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8385 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-2327 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8384 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8388 |
+ High |
+ pcre3:2:8.35-3.3 |
+ PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2016-1283 |
+ High |
+ pcre3:2:8.35-3.3 |
+ The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2014-9769 |
+ High |
+ pcre3:2:8.35-3.3 |
+ pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-1978 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-1979 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-4000 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-7575 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-1950 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-1938 |
+ Medium |
+ nss:2:3.17.2-1.1+deb8u2 |
+ The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8767 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-7566 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2013-4312 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8785 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0723 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0821 |
+ Medium |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-0777 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-0778 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-3115 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-5352 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-6564 |
+ Medium |
+ openssh:1:6.7p1-5 |
+ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2011-3389 |
+ Medium |
+ gnutls28:3.3.8-6+deb8u3 |
+ The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-2632 |
+ Medium |
+ icu:52.1-8+deb8u3 |
+ Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-0755 |
+ Medium |
+ curl:7.38.0-4+deb8u2 |
+ The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8631 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-2694 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8630 |
+ Medium |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-0797 |
+ Medium |
+ openssl:1.0.1k-3+deb8u2 |
+ Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2014-8121 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-7547 |
+ Medium |
+ glibc:2.19-18+deb8u1 |
+ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-5276 |
+ Medium |
+ gcc-4.9:4.9.2-10 |
+ The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8382 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8393 |
+ Medium |
+ pcre3:2:8.35-3.3 |
+ pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-3238 |
+ Medium |
+ pam:1.1.8-3.1 |
+ The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2014-9717 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-3136 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-3140 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-3139 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-2185 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0823 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-2186 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-3138 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-3137 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-2184 |
+ Low |
+ linux:3.16.7-ckt20-1+deb8u2 |
+ |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-6563 |
+ Low |
+ openssh:1:6.7p1-5 |
+ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4 |
+
+
+
+ CVE-2015-8629 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-3119 |
+ Low |
+ krb5:1.12.1+dfsg-19+deb8u1 |
+ The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2016-0702 |
+ Low |
+ openssl:1.0.1k-3+deb8u2 |
+ The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280 |
+
+
+
+ CVE-2015-5180 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2013-2207 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+ CVE-2015-8777 |
+ Low |
+ glibc:2.19-18+deb8u1 |
+ The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. |
+ sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e |
+
+
+
+
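Review bot: several added rows in this part of the report have an empty description cell (for example the CVE-2015-5180 rows for glibc:2.19-18+deb8u1 and the CVE-2014-9717, CVE-2016-3136 and CVE-2016-2184 rows for linux:3.16.7-ckt20-1+deb8u2). A reader cannot triage those entries from the report alone. Either populate the cell from the scanner's data source or write an explicit marker such as "no description available", so a blank is not mistaken for a rendering fault. The same CVE and package pair is also repeated once per sha256 layer digest (CVE-2016-0702 on openssl:1.0.1k-3+deb8u2 appears under every digest in this span), which multiplies the size of the checked-in file without adding findings. Consider one row per CVE and package with the affected layers listed in a single cell, or commit the scanner's structured output and generate this table at build time.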