From 3083a891e03d73a79e8bc3e51fbfabf96ddb64a8 Mon Sep 17 00:00:00 2001 From: jgsqware Date: Mon, 2 May 2016 18:23:38 +0200 Subject: [PATCH] copy hyperclair to clairctl and rename package --- .gitignore | 1 + cmd/clairctl/.travis.yml | 19 + cmd/clairctl/LICENSE | 21 + cmd/clairctl/README.md | 85 + cmd/clairctl/VERSION | 1 + cmd/clairctl/clair/analyse.go | 39 + cmd/clairctl/clair/clair.go | 289 + cmd/clairctl/clair/clair_test.go | 129 + cmd/clairctl/clair/errors.go | 13 + cmd/clairctl/clair/go-bindata | 0 cmd/clairctl/clair/health.go | 26 + cmd/clairctl/clair/push.go | 52 + cmd/clairctl/clair/report.go | 32 + cmd/clairctl/clair/report_test.go | 31 + cmd/clairctl/clair/samples/clair_report.json | 1580 + cmd/clairctl/clair/templates.go | 260 + .../clair/templates/analysis-template.1.html | 100 + .../clair/templates/analysis-template.html | 420 + cmd/clairctl/clair/versions.go | 32 + cmd/clairctl/cmd/analyse.go | 82 + cmd/clairctl/cmd/health.go | 39 + cmd/clairctl/cmd/login.go | 124 + cmd/clairctl/cmd/login_test.go | 59 + cmd/clairctl/cmd/logout.go | 55 + cmd/clairctl/cmd/pull.go | 63 + cmd/clairctl/cmd/push.go | 87 + cmd/clairctl/cmd/report.go | 88 + cmd/clairctl/cmd/root.go | 56 + cmd/clairctl/cmd/version.go | 37 + cmd/clairctl/config/config.go | 216 + cmd/clairctl/config/config_test.go | 123 + cmd/clairctl/contrib/.hyperclair.yml | 8 + cmd/clairctl/contrib/Dockerfile | 5 + cmd/clairctl/contrib/README.md | 17 + .../auth_server/config/auth_config.yml | 29 + .../contrib/auth_server/ssl/old/server.key | 28 + .../contrib/auth_server/ssl/old/server.pem | 21 + .../contrib/auth_server/ssl/server.key | 28 + .../contrib/auth_server/ssl/server.pem | 21 + cmd/clairctl/contrib/config/clair.yml | 73 + cmd/clairctl/contrib/docker-compose.yml | 89 + cmd/clairctl/database/database.go | 28 + cmd/clairctl/database/database_test.go | 28 + cmd/clairctl/docker/analyse.go | 32 + cmd/clairctl/docker/auth.go | 89 + cmd/clairctl/docker/httpclient/httpclient.go | 24 + cmd/clairctl/docker/image.go | 108 + cmd/clairctl/docker/image_test.go | 78 + cmd/clairctl/docker/local.go | 171 + cmd/clairctl/docker/login.go | 47 + cmd/clairctl/docker/pull.go | 88 + cmd/clairctl/docker/push.go | 68 + cmd/clairctl/hyperclair.yml.default | 8 + cmd/clairctl/main.go | 21 + .../html/analysis-jgsqware-clair-latest.html | 102919 +++++++++++++++ cmd/clairctl/reports/html/report-sample.html | 2925 + .../analysis-jgsqware-ubuntu-git-latest.json | 1580 + .../server/reverseProxy/reverseProxy.go | 245 + cmd/clairctl/server/server.go | 69 + cmd/clairctl/test/test.go | 36 + cmd/clairctl/xerrors/xerrors.go | 11 + cmd/clairctl/xstrings/xstrings.go | 29 + cmd/clairctl/xstrings/xstrings_test.go | 27 + 63 files changed, 113109 insertions(+) create mode 100644 .gitignore create mode 100644 cmd/clairctl/.travis.yml create mode 100644 cmd/clairctl/LICENSE create mode 100644 cmd/clairctl/README.md create mode 100644 cmd/clairctl/VERSION create mode 100644 cmd/clairctl/clair/analyse.go create mode 100644 cmd/clairctl/clair/clair.go create mode 100644 cmd/clairctl/clair/clair_test.go create mode 100644 cmd/clairctl/clair/errors.go create mode 100644 cmd/clairctl/clair/go-bindata create mode 100644 cmd/clairctl/clair/health.go create mode 100644 cmd/clairctl/clair/push.go create mode 100644 cmd/clairctl/clair/report.go create mode 100644 cmd/clairctl/clair/report_test.go create mode 100644 cmd/clairctl/clair/samples/clair_report.json create mode 100644 cmd/clairctl/clair/templates.go create mode 100644 cmd/clairctl/clair/templates/analysis-template.1.html create mode 100644 cmd/clairctl/clair/templates/analysis-template.html create mode 100644 cmd/clairctl/clair/versions.go create mode 100644 cmd/clairctl/cmd/analyse.go create mode 100644 cmd/clairctl/cmd/health.go create mode 100644 cmd/clairctl/cmd/login.go create mode 100644 cmd/clairctl/cmd/login_test.go create mode 100644 cmd/clairctl/cmd/logout.go create mode 100644 cmd/clairctl/cmd/pull.go create mode 100644 cmd/clairctl/cmd/push.go create mode 100644 cmd/clairctl/cmd/report.go create mode 100644 cmd/clairctl/cmd/root.go create mode 100644 cmd/clairctl/cmd/version.go create mode 100644 cmd/clairctl/config/config.go create mode 100644 cmd/clairctl/config/config_test.go create mode 100644 cmd/clairctl/contrib/.hyperclair.yml create mode 100644 cmd/clairctl/contrib/Dockerfile create mode 100644 cmd/clairctl/contrib/README.md create mode 100644 cmd/clairctl/contrib/auth_server/config/auth_config.yml create mode 100644 cmd/clairctl/contrib/auth_server/ssl/old/server.key create mode 100644 cmd/clairctl/contrib/auth_server/ssl/old/server.pem create mode 100644 cmd/clairctl/contrib/auth_server/ssl/server.key create mode 100644 cmd/clairctl/contrib/auth_server/ssl/server.pem create mode 100644 cmd/clairctl/contrib/config/clair.yml create mode 100644 cmd/clairctl/contrib/docker-compose.yml create mode 100644 cmd/clairctl/database/database.go create mode 100644 cmd/clairctl/database/database_test.go create mode 100644 cmd/clairctl/docker/analyse.go create mode 100644 cmd/clairctl/docker/auth.go create mode 100644 cmd/clairctl/docker/httpclient/httpclient.go create mode 100644 cmd/clairctl/docker/image.go create mode 100644 cmd/clairctl/docker/image_test.go create mode 100644 cmd/clairctl/docker/local.go create mode 100644 cmd/clairctl/docker/login.go create mode 100644 cmd/clairctl/docker/pull.go create mode 100644 cmd/clairctl/docker/push.go create mode 100644 cmd/clairctl/hyperclair.yml.default create mode 100644 cmd/clairctl/main.go create mode 100644 cmd/clairctl/reports/html/analysis-jgsqware-clair-latest.html create mode 100644 cmd/clairctl/reports/html/report-sample.html create mode 100644 cmd/clairctl/reports/json/analysis-jgsqware-ubuntu-git-latest.json create mode 100644 cmd/clairctl/server/reverseProxy/reverseProxy.go create mode 100644 cmd/clairctl/server/server.go create mode 100644 cmd/clairctl/test/test.go create mode 100644 cmd/clairctl/xerrors/xerrors.go create mode 100644 cmd/clairctl/xstrings/xstrings.go create mode 100644 cmd/clairctl/xstrings/xstrings_test.go diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..6537faba --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +**/.vscode \ No newline at end of file diff --git a/cmd/clairctl/.travis.yml b/cmd/clairctl/.travis.yml new file mode 100644 index 00000000..07f85b38 --- /dev/null +++ b/cmd/clairctl/.travis.yml @@ -0,0 +1,19 @@ +language: go +go: +- 1.5 +install: +- go get -d -v ./... +- go build -ldflags "-X github.com/coreos/clair/cmd/clairctl/cmd.version=$(cat VERSION)" -v +deploy: + provider: releases + api_key: + secure: SPeZzw212p/0iYPLVWUkLq226j19oWHBogHIlbKzkp8zNk7tdJEHMthAhka1zxS5afr+JWu3BBdduPHbnvvpXtv2axsrCXVsW7jPEcxXgfM3m/YSxQwjsGojMG318nX/E5ApY8eDhiZuHoTAP67DJZEoLteV5GKvNk7np74bMNexBxCPDIbXepBbjrEqxrUG/uVDFrmFf0LlCKVGxALK42uriaDM1tPGDy0+7zX7a3RqG9J4ROmZCQNzd9+rcur4DndrxYPCvJK3awUwXL5XzdRed24m5S8IG6Q/gMMUhUVECMNZ6/Z+KZ4CKqcQ9e9NvOtHYvO0OtPNrd4/HajZpUpfO008imSj6/g9NxdC6hJYvyK/HuRv5DsLgZukyvwroVSM5rC77FJeOmoLXfEBHo7E16I5XKGcp31NoCv5kdQuaHLxkBZk43CcnT/rraQ8cjCQAERQEh6u0fidyOvZ4vkTW30/c6H25zDejCzDcx1oHL4O8QwJwMfRSifSA8vk81saOurmQeviZK1UkpeWLxMYLpFZ8vN9kK/2Nn24ud9DN7N8bqGob13I8lJ69j9xcXuq/86vITziESZCHaYs2Hw1vSHD8vpkQxu8aSYqPXgwAKDwV9JkGV1/kcUdwpOlD/xkKunluu8Mf5K2JSm9G8xWr6foOibKsuHDn0nH+jY= + file: hyperclair + skip_cleanup: true + on: + repo: wemanity-belgium/hyperclair + tags: true + branch: master +env: + global: + secure: QpHC0r/d3sUNZ4Tisu7IjRnE+exzUUdTRlWUvvepWA2/wdsvsh9IFKmPgHvmt/V46RtByc52HVwE/uE6gF8eVhRs4L4DP/gSi0TxmfNi2m+6EdL1MmFvdIVGfPZDDbFnNNXpWcNJGv5/UDJ8eke003Mtm7/qQfJqH3UzxoWnTrvsA7IHbhxomgsHOFqHU+e6fmaQ3q7neUJEci2HSPLehl11yBwMcsYyFjeW+33GVQeI0m2j1TrcldG3KN63tszIx7tHXTUrIK369nrndLjYWnc7Hi+k6Uc8vPh111/hLBG4UtxffP+/DTkhEtzxDNn3hn4zSKTMIyeKA/UhnySYchzDYOdVZoM0oVxAkbTcdTPWCxS75W1u3AW3QAGxScNEqmy5enrW+kGyRpd1zIRJ1qS2tHAVmos8N6bl5Rp9UJF5UITr9/DyQS93O9DOSY5Z6UVGI5J+MlG89Nr4XJ5NW4ak5yC5fc+9IwM58VMk8ULS3I0g/YBWsWRWHGZrHurnvcGbiXHk5S+anQsiYUV8n3OUa67ai7Duil3qiPklEhHeFZzmXrJMvLdeVxywfvIfKzSEGqDrUYw3hO9pkMzLxDQfvaNzAHWZGJ970N7apX2pnAUgPDsNb8cOnbDSjX36FICAiUZlrkpsz6O6h3Fm/2t/HDCyYH7gf6eJXypUOYc= diff --git a/cmd/clairctl/LICENSE b/cmd/clairctl/LICENSE new file mode 100644 index 00000000..e181acdd --- /dev/null +++ b/cmd/clairctl/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 wemanity-belgium + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/cmd/clairctl/README.md b/cmd/clairctl/README.md new file mode 100644 index 00000000..f1215aa6 --- /dev/null +++ b/cmd/clairctl/README.md @@ -0,0 +1,85 @@ + + +# hyperclair + +[![Build Status](https://travis-ci.org/wemanity-belgium/hyperclair.svg?branch=develop)](https://travis-ci.org/wemanity-belgium/hyperclair) [![Join the chat at https://gitter.im/wemanity-belgium/hyperclair](https://badges.gitter.im/wemanity-belgium/hyperclair.svg)](https://gitter.im/wemanity-belgium/hyperclair?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) + +> Tracking container vulnerabilities, that's should be *Hyperclair* + +Tracking vulnerabilities in your container images, it's easy with CoreOS Clair. +Integrate it inside your CI/CD pipeline is easier with Hyperclair. + +Hyperclair is a lightweight command-line tool doing the bridge between Registries as Docker Hub, Docker Registry or Quay.io, and the CoreOS vulnerability tracker, Clair. +It's easily integrated in your CI/CD pipeline and Hyperclair will play as reverse proxy for authentication. + + +> The Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license. +> +>*From https://docs.docker.com/registry/* + +> Clair is a container vulnerability analysis service. It provides a list of vulnerabilities that threaten a container, and can notify users when new vulnerabilities that affect existing containers become known. +> +>*From https://github.com/coreos/clair* + +hyperclair is tool to make the link between the Docker Registry and the CoreOS Clair tool. + +![hyperclair](https://cloud.githubusercontent.com/assets/3304363/14174675/348bc190-f746-11e5-9edd-9e736ec38b0e.png) + +# Usage + +[![asciicast](https://asciinema.org/a/41461.png)](https://asciinema.org/a/41461) + +# Notification +2. On-Demand: the CLI tool is used to pull image from Registry then push it to Clair + +# Reporting + +**hyperclair** get vulnerabilities report from Clair and generate HTML report + +hyperclair can be used for Docker Hub and self-hosted Registry + +# Command + +``` +Analyse your docker image with Clair, directly from your registry. + +Usage: + hyperclair [command] + +Available Commands: + analyse Analyse Docker image + health Get Health of Hyperclair and underlying services + login Log in to a Docker registry + logout Log out from a Docker registry + pull Pull Docker image information + push Push Docker image to Clair + report Generate Docker Image vulnerabilities report + version Get Versions of Hyperclair and underlying services + +Flags: + --config string config file (default is ./.hyperclair.yml) + --log-level string log level [Panic,Fatal,Error,Warn,Info,Debug] + +Use "hyperclair [command] --help" for more information about a command. +``` + +# Optional Configuration + +```yaml +clair: + port: 6060 + healthPort: 6061 + uri: http://clair + priority: Low + report: + path: ./reports + format: html +``` + +# Remarks + +1. Analyzing Official Docker image is disallowed. You cannot pull layers from image you don't own. + +# Contribution and Test + +Go to /contrib folder diff --git a/cmd/clairctl/VERSION b/cmd/clairctl/VERSION new file mode 100644 index 00000000..1d0ba9ea --- /dev/null +++ b/cmd/clairctl/VERSION @@ -0,0 +1 @@ +0.4.0 diff --git a/cmd/clairctl/clair/analyse.go b/cmd/clairctl/clair/analyse.go new file mode 100644 index 00000000..058d9cc5 --- /dev/null +++ b/cmd/clairctl/clair/analyse.go @@ -0,0 +1,39 @@ +package clair + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "net/http" + + "github.com/coreos/clair/api/v1" +) + +//Analyse get Analysis os specified layer +func Analyse(id string) (v1.LayerEnvelope, error) { + + lURI := fmt.Sprintf("%v/layers/%v?vulnerabilities", uri, id) + // lURI := fmt.Sprintf("%v/layers/%v/vulnerabilities?minimumPriority=%v", uri, id, priority) + response, err := http.Get(lURI) + if err != nil { + return v1.LayerEnvelope{}, fmt.Errorf("analysing layer %v: %v", id, err) + } + defer response.Body.Close() + + body, err := ioutil.ReadAll(response.Body) + + if err != nil { + return v1.LayerEnvelope{}, fmt.Errorf("reading layer analysis: %v", err) + } + if response.StatusCode != 200 { + return v1.LayerEnvelope{}, fmt.Errorf("%d - %s", response.StatusCode, string(body)) + } + + var analysis v1.LayerEnvelope + + err = json.Unmarshal(body, &analysis) + if err != nil { + return v1.LayerEnvelope{}, fmt.Errorf("unmarshalling layer analysis: %v", err) + } + return analysis, nil +} diff --git a/cmd/clairctl/clair/clair.go b/cmd/clairctl/clair/clair.go new file mode 100644 index 00000000..6ea0c732 --- /dev/null +++ b/cmd/clairctl/clair/clair.go @@ -0,0 +1,289 @@ +package clair + +import ( + "strconv" + "strings" + "math" + "sort" + + "github.com/coreos/clair/api/v1" + "github.com/spf13/viper" + "github.com/coreos/clair/cmd/clairctl/xstrings" +) + +var uri string +var priority string +var healthPort int + +//Report Reporting Config value +var Report ReportConfig + +//VulnerabiliesCounts Total count of vulnerabilities +type VulnerabiliesCounts struct { + Total int + High int + Medium int + Low int + Negligible int +} + +//RelativeCount get the percentage of vulnerabilities of a severity +func (vulnerabilityCount VulnerabiliesCounts) RelativeCount(severity string) float64 { + var count int + + switch severity { + case "High": + count = vulnerabilityCount.High + case "Medium": + count = vulnerabilityCount.Medium + case "Low": + count = vulnerabilityCount.Low + } + + return math.Ceil(float64(count) / float64(vulnerabilityCount.Total) * 100 * 100) / 100 +} + +//ImageAnalysis Full image analysis +type ImageAnalysis struct { + Registry string + ImageName string + Tag string + Layers []v1.LayerEnvelope +} + +func (imageAnalysis ImageAnalysis) String() string { + return imageAnalysis.Registry + "/" + imageAnalysis.ImageName + ":" + imageAnalysis.Tag +} + +func (imageAnalysis ImageAnalysis) ShortName(l v1.Layer) string { + return xstrings.Substr(l.Name, 0, 12) +} + +// CountVulnerabilities counts all image vulnerability +func (imageAnalysis ImageAnalysis) CountVulnerabilities(l v1.Layer) int { + count := 0 + for _, f := range l.Features { + count += len(f.Vulnerabilities) + } + return count +} + +// CountAllVulnerabilities Total count of vulnerabilities +func (imageAnalysis ImageAnalysis) CountAllVulnerabilities() VulnerabiliesCounts { + var result VulnerabiliesCounts; + result.Total = 0 + result.High = 0 + result.Medium = 0 + result.Low = 0 + result.Negligible = 0 + + for _, l := range imageAnalysis.Layers { + for _, f := range l.Layer.Features { + result.Total += len(f.Vulnerabilities) + for _, v := range f.Vulnerabilities { + switch v.Severity { + case "High": + result.High++ + case "Medium": + result.Medium++ + case "Low": + result.Low++ + case "Negligible": + result.Negligible++ + } + } + } + } + + return result; +} + +// Vulnerability : A vulnerability inteface +type Vulnerability struct { + Name, Severity, IntroduceBy, Description, Link, Layer string +} + +// Weight get the weight of the vulnerability according to its Severity +func (v Vulnerability) Weight() int { + weight := 0 + + switch v.Severity { + case "High": + weight = 4 + case "Medium": + weight = 3 + case "Low": + weight = 2 + case "Negligible": + weight = 1 + } + + return weight +} + +// Layer : A layer inteface +type Layer struct { + Name string + Path string + Namespace string + Features []Feature +} + +// Feature : A feature inteface +type Feature struct { + Name string + Version string + Vulnerabilities []Vulnerability +} + +// Status give the healthy / unhealthy statut of a feature +func (feature Feature) Status() bool { + return len(feature.Vulnerabilities) == 0; +} + +// Weight git the weight of a featrure according to its vulnerabilities +func (feature Feature) Weight() int { + weight := 0 + + for _, v := range feature.Vulnerabilities { + weight += v.Weight() + } + + return weight +} + +// VulnerabilitiesBySeverity sorting vulnerabilities by severity +type VulnerabilitiesBySeverity []Vulnerability + +func (a VulnerabilitiesBySeverity) Len() int { return len(a) } +func (a VulnerabilitiesBySeverity) Swap(i, j int) { a[i], a[j] = a[j], a[i] } +func (a VulnerabilitiesBySeverity) Less(i, j int) bool { + return a[i].Weight() > a[j].Weight() +} + +// LayerByVulnerabilities sorting of layers by global vulnerability +type LayerByVulnerabilities []Layer + +func (a LayerByVulnerabilities) Len() int { return len(a) } +func (a LayerByVulnerabilities) Swap(i, j int) { a[i], a[j] = a[j], a[i] } +func (a LayerByVulnerabilities) Less(i, j int) bool { + firstVulnerabilities := 0 + secondVulnerabilities := 0 + + for _, l := range a[i].Features { + firstVulnerabilities = firstVulnerabilities + l.Weight() + } + + for _ , l := range a[j].Features { + secondVulnerabilities = secondVulnerabilities + l.Weight() + } + + return firstVulnerabilities > secondVulnerabilities +} + +// FeatureByVulnerabilities sorting off features by vulnerabilities +type FeatureByVulnerabilities []Feature + +func (a FeatureByVulnerabilities) Len() int { return len(a) } +func (a FeatureByVulnerabilities) Swap(i, j int) { a[i], a[j] = a[j], a[i] } + +func (a FeatureByVulnerabilities) Less(i, j int) bool { + return a[i].Weight() > a[j].Weight() +} + +// SortLayers give layers ordered by vulnerability algorithm +func (imageAnalysis ImageAnalysis) SortLayers() []Layer { + layers := []Layer{} + + for _, l := range imageAnalysis.Layers { + features := []Feature{} + + for _, f := range l.Layer.Features { + vulnerabilities := []Vulnerability{} + + for _, v := range f.Vulnerabilities { + nv := Vulnerability{ + Name: v.Name, + Severity: v.Severity, + IntroduceBy: f.Name + ":" + f.Version, + Description: v.Description, + Layer: l.Layer.Name, + Link: v.Link, + } + + vulnerabilities = append(vulnerabilities, nv); + } + + sort.Sort(VulnerabilitiesBySeverity(vulnerabilities)) + + nf := Feature{ + Name: f.Name, + Version: f.Version, + Vulnerabilities: vulnerabilities, + } + + features = append(features, nf); + } + + sort.Sort(FeatureByVulnerabilities(features)) + + nl := Layer{ + Name: l.Layer.Name, + Path: l.Layer.Path, + Features: features, + } + layers = append(layers, nl); + } + + sort.Sort(LayerByVulnerabilities(layers)); + + return layers; +} + +// SortVulnerabilities get all vulnerabilities sorted by Severity +func (imageAnalysis ImageAnalysis) SortVulnerabilities() []Vulnerability { + vulnerabilities := []Vulnerability{} + + // there should be a better method, but I don't know how to easlily concert []v1.Vulnerability to [Vulnerability] + for _, l := range imageAnalysis.Layers { + for _, f := range l.Layer.Features { + for _, v := range f.Vulnerabilities { + nv := Vulnerability{ + Name: v.Name, + Severity: v.Severity, + IntroduceBy: f.Name + ":" + f.Version, + Description: v.Description, + Layer: l.Layer.Name, + } + + vulnerabilities = append(vulnerabilities, nv) + } + } + } + + sort.Sort(VulnerabilitiesBySeverity(vulnerabilities)); + + return vulnerabilities +} + +func fmtURI(u string, port int) { + uri = u + if port != 0 { + uri += ":" + strconv.Itoa(port) + } + if !strings.HasSuffix(uri, "/v1") { + uri += "/v1" + } + if !strings.HasPrefix(uri, "http://") && !strings.HasPrefix(uri, "https://") { + uri = "http://" + uri + } +} + +//Config configure Clair from configFile +func Config() { + fmtURI(viper.GetString("clair.uri"), viper.GetInt("clair.port")) + priority = viper.GetString("clair.priority") + healthPort = viper.GetInt("clair.healthPort") + Report.Path = viper.GetString("clair.report.path") + Report.Format = viper.GetString("clair.report.format") +} diff --git a/cmd/clairctl/clair/clair_test.go b/cmd/clairctl/clair/clair_test.go new file mode 100644 index 00000000..7a5944a0 --- /dev/null +++ b/cmd/clairctl/clair/clair_test.go @@ -0,0 +1,129 @@ +package clair + +import ( + "net/http" + "net/http/httptest" + "testing" + "encoding/json" + "io/ioutil" + "fmt" +) + +func getSampleAnalysis() []byte { + file, err := ioutil.ReadFile("./samples/clair_report.json") + + if err != nil { + fmt.Printf("File error: %v\n", err) + } + + return file; +} + +func newServer(httpStatus int) *httptest.Server { + return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(httpStatus) + })) +} + +func TestIsHealthy(t *testing.T) { + server := newServer(http.StatusOK) + defer server.Close() + uri = server.URL + if h := IsHealthy(); !h { + t.Errorf("IsHealthy() => %v, want %v", h, true) + } +} + +func TestIsNotHealthy(t *testing.T) { + server := newServer(http.StatusInternalServerError) + defer server.Close() + uri = server.URL + if h := IsHealthy(); h { + t.Errorf("IsHealthy() => %v, want %v", h, true) + } +} + +func TestCountAllVulnerabilities(t *testing.T) { + + var analysis ImageAnalysis + err := json.Unmarshal([]byte(getSampleAnalysis()), &analysis) + + if err != nil { + t.Errorf("Failing with error: %v", err) + } + + vulnerabilitiesCount := analysis.CountAllVulnerabilities() + + if vulnerabilitiesCount.Total != 77 { + t.Errorf("analysis.CountAllVulnerabilities().Total => %v, want 77", vulnerabilitiesCount.Total) + } + + if vulnerabilitiesCount.High != 1 { + t.Errorf("analysis.CountAllVulnerabilities().High => %v, want 1", vulnerabilitiesCount.High) + } + + if vulnerabilitiesCount.Medium != 18 { + t.Errorf("analysis.CountAllVulnerabilities().Medium => %v, want 18", vulnerabilitiesCount.Medium) + } + + if vulnerabilitiesCount.Low != 57 { + t.Errorf("analysis.CountAllVulnerabilities().Low => %v, want 57", vulnerabilitiesCount.Low) + } + if vulnerabilitiesCount.Negligible != 1 { + t.Errorf("analysis.CountAllVulnerabilities().Negligible => %v, want 1", vulnerabilitiesCount.Negligible) + } +} + +func TestRelativeCount(t *testing.T) { + var analysis ImageAnalysis + err := json.Unmarshal([]byte(getSampleAnalysis()), &analysis) + + if err != nil { + t.Errorf("Failing with error: %v", err) + } + + vulnerabilitiesCount := analysis.CountAllVulnerabilities() + + if (vulnerabilitiesCount.RelativeCount("High") != 1.3) { + t.Errorf("analysis.CountAllVulnerabilities().RelativeCount(\"High\") => %v, want 1.3", vulnerabilitiesCount.RelativeCount("High")) + } + + if (vulnerabilitiesCount.RelativeCount("Medium") != 23.38) { + t.Errorf("analysis.CountAllVulnerabilities().RelativeCount(\"Medium\") => %v, want 23.38", vulnerabilitiesCount.RelativeCount("Medium")) + } + + if (vulnerabilitiesCount.RelativeCount("Low") != 74.03) { + t.Errorf("analysis.CountAllVulnerabilities().RelativeCount(\"Low\") => %v, want 74.03", vulnerabilitiesCount.RelativeCount("Low")) + } +} + +func TestFeatureWeight(t *testing.T) { + feature := Feature{ + Vulnerabilities: []Vulnerability{}, + } + + v1 := Vulnerability{ + Severity: "High", + } + + v2 := Vulnerability{ + Severity: "Medium", + } + + v3 := Vulnerability{ + Severity: "Low", + } + + v4 := Vulnerability{ + Severity: "Negligible", + } + + feature.Vulnerabilities = append(feature.Vulnerabilities, v1) + feature.Vulnerabilities = append(feature.Vulnerabilities, v2) + feature.Vulnerabilities = append(feature.Vulnerabilities, v3) + feature.Vulnerabilities = append(feature.Vulnerabilities, v4) + + if (feature.Weight() != 10) { + t.Errorf("feature.Weigh => %v, want 6", feature.Weight()) + } +} diff --git a/cmd/clairctl/clair/errors.go b/cmd/clairctl/clair/errors.go new file mode 100644 index 00000000..83036a94 --- /dev/null +++ b/cmd/clairctl/clair/errors.go @@ -0,0 +1,13 @@ +package clair + +import "errors" + +const oSNotSupportedValue = "worker: OS and/or package manager are not supported" + +var ( + OSNotSupported = errors.New(oSNotSupportedValue) +) + +type LayerError struct { + Message string +} diff --git a/cmd/clairctl/clair/go-bindata b/cmd/clairctl/clair/go-bindata new file mode 100644 index 00000000..e69de29b diff --git a/cmd/clairctl/clair/health.go b/cmd/clairctl/clair/health.go new file mode 100644 index 00000000..33315bcd --- /dev/null +++ b/cmd/clairctl/clair/health.go @@ -0,0 +1,26 @@ +package clair + +import ( + "fmt" + "net/http" + "os" + "strconv" + "strings" +) + +func IsHealthy() bool { + healthURI := strings.Replace(uri, "6060/v1", strconv.Itoa(healthPort), 1) + "/health" + response, err := http.Get(healthURI) + if err != nil { + + fmt.Fprintf(os.Stderr, "requesting Clair health: %v", err) + return false + } + defer response.Body.Close() + + if response.StatusCode != http.StatusOK { + return false + } + + return true +} diff --git a/cmd/clairctl/clair/push.go b/cmd/clairctl/clair/push.go new file mode 100644 index 00000000..9a80edf4 --- /dev/null +++ b/cmd/clairctl/clair/push.go @@ -0,0 +1,52 @@ +package clair + +import ( + "bytes" + "encoding/json" + "fmt" + "io/ioutil" + "net/http" + + "github.com/coreos/clair/api/v1" +) + +//Push send a layer to Clair for analysis +func Push(layer v1.LayerEnvelope) error { + lJSON, err := json.Marshal(layer) + if err != nil { + return fmt.Errorf("marshalling layer: %v", err) + } + + lURI := fmt.Sprintf("%v/layers", uri) + request, err := http.NewRequest("POST", lURI, bytes.NewBuffer(lJSON)) + if err != nil { + return fmt.Errorf("creating 'add layer' request: %v", err) + } + request.Header.Set("Content-Type", "application/json") + + response, err := (&http.Client{}).Do(request) + if err != nil { + return fmt.Errorf("pushing layer to clair: %v", err) + } + defer response.Body.Close() + + if response.StatusCode != 201 { + if response.StatusCode == 422 { + return OSNotSupported + } + + body, err := ioutil.ReadAll(response.Body) + if err != nil { + return fmt.Errorf("reading 'add layer' response : %v", err) + } + var lErr LayerError + err = json.Unmarshal(body, &lErr) + + if err != nil { + return fmt.Errorf("unmarshalling 'add layer' error message: %v", err) + } + return fmt.Errorf("%d - %s", response.StatusCode, string(body)) + } + + return nil +} diff --git a/cmd/clairctl/clair/report.go b/cmd/clairctl/clair/report.go new file mode 100644 index 00000000..4b8d6d07 --- /dev/null +++ b/cmd/clairctl/clair/report.go @@ -0,0 +1,32 @@ +package clair + +import ( + "bytes" + "fmt" + "text/template" +) + +//go:generate go-bindata -pkg clair -o templates.go templates/... + +//ReportConfig Reporting configuration +type ReportConfig struct { + Path string + Format string +} + +//ReportAsHTML report analysis as HTML +func ReportAsHTML(analyses ImageAnalysis) (string, error) { + asset, err := Asset("templates/analysis-template.html") + if err != nil { + return "", fmt.Errorf("accessing template: %v", err) + } + + templte := template.Must(template.New("analysis-template").Parse(string(asset))) + + var doc bytes.Buffer + err = templte.Execute(&doc, analyses) + if err != nil { + return "", fmt.Errorf("rendering HTML report: %v", err) + } + return doc.String(), nil +} diff --git a/cmd/clairctl/clair/report_test.go b/cmd/clairctl/clair/report_test.go new file mode 100644 index 00000000..31ea0845 --- /dev/null +++ b/cmd/clairctl/clair/report_test.go @@ -0,0 +1,31 @@ +package clair + +import ( + "encoding/json" + "io/ioutil" + "log" + "os" + "testing" + "fmt" +) + +func TestReportAsHtml(t *testing.T) { + var analysis ImageAnalysis + err := json.Unmarshal([]byte(getSampleAnalysis()), &analysis) + + if err != nil { + t.Errorf("Failing with error: %v", err) + } + + html, err := ReportAsHTML(analysis) + if err != nil { + log.Fatal(err) + } + + fmt.Println(os.TempDir()+"/hyperclair-html-report.html") + + err = ioutil.WriteFile(os.TempDir()+"/hyperclair-html-report.html", []byte(html), 0700) + if err != nil { + log.Fatal(err) + } +} diff --git a/cmd/clairctl/clair/samples/clair_report.json b/cmd/clairctl/clair/samples/clair_report.json new file mode 100644 index 00000000..1497cb58 --- /dev/null +++ b/cmd/clairctl/clair/samples/clair_report.json @@ -0,0 +1,1580 @@ +{ + "Registry": "registry:5000", + "ImageName": "jgsqware/ubuntu-git", + "Tag": "latest", + "Layers": [ + { + "Layer": { + "Name": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845", + "Namespace": "ubuntu:14.04", + "ParentName": "sha256:9e0bc8a71bde464f710bc2b593a1fc21521517671e918687892303151331fa56", + "IndexedByVersion": 2, + "Features": [ + { + "Name": "sudo", + "Namespace": "ubuntu:14.04", + "Version": "1.8.9p5-1ubuntu1.2", + "Vulnerabilities": [ + { + "Name": "CVE-2015-8239", + "Namespace": "ubuntu:14.04", + "Description": "race condition checking digests/checksums in sudoers", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8239", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-5602", + "Namespace": "ubuntu:14.04", + "Description": "sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by \"/home/*/*/file.txt.\"", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5602", + "Severity": "Medium" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtext-soundex-perl", + "Namespace": "ubuntu:14.04", + "Version": "3.4-1build1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "dash", + "Namespace": "ubuntu:14.04", + "Version": "0.5.7-4ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "eject", + "Namespace": "ubuntu:14.04", + "Version": "2.1.5+deb1+cvs20081104-13.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gcc-4.8", + "Namespace": "ubuntu:14.04", + "Version": "4.8.4-2ubuntu1~14.04", + "Vulnerabilities": [ + { + "Name": "CVE-2014-5044", + "Namespace": "ubuntu:14.04", + "Description": "Array memory allocations could cause an integer overflow and thus memory overflow issues at runtime.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5044", + "Severity": "Low" + }, + { + "Name": "CVE-2015-5276", + "Namespace": "ubuntu:14.04", + "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5276", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "lvm2", + "Namespace": "ubuntu:14.04", + "Version": "2.02.98-6ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "net-tools", + "Namespace": "ubuntu:14.04", + "Version": "1.60-25ubuntu2.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libsepol", + "Namespace": "ubuntu:14.04", + "Version": "2.2-1ubuntu0.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtext-charwidth-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.04-7build3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "cdebconf", + "Namespace": "ubuntu:14.04", + "Version": "0.187ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "vim", + "Namespace": "ubuntu:14.04", + "Version": "2:7.4.052-1ubuntu3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "attr", + "Namespace": "ubuntu:14.04", + "Version": "1:2.4.47-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gnutls26", + "Namespace": "ubuntu:14.04", + "Version": "2.12.23-12ubuntu2.3", + "Vulnerabilities": [ + { + "Name": "CVE-2015-7575", + "Namespace": "ubuntu:14.04", + "Description": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7575", + "Severity": "Medium", + "FixedBy": "2.12.23-12ubuntu2.4" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "python3.4", + "Namespace": "ubuntu:14.04", + "Version": "3.4.3-1ubuntu1~14.04.3", + "Vulnerabilities": [ + { + "Name": "CVE-2014-2667", + "Namespace": "ubuntu:14.04", + "Description": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-2667", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "logrotate", + "Namespace": "ubuntu:14.04", + "Version": "3.8.7-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "adduser", + "Namespace": "ubuntu:14.04", + "Version": "3.113+nmu3ubuntu3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "base-passwd", + "Namespace": "ubuntu:14.04", + "Version": "3.5.33", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "grep", + "Namespace": "ubuntu:14.04", + "Version": "2.16-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "dpkg", + "Namespace": "ubuntu:14.04", + "Version": "1.17.5ubuntu5.5", + "Vulnerabilities": [ + { + "Name": "CVE-2014-8625", + "Namespace": "ubuntu:14.04", + "Description": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8625", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ustr", + "Namespace": "ubuntu:14.04", + "Version": "1.0.4-3ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "db5.3", + "Namespace": "ubuntu:14.04", + "Version": "5.3.28-3ubuntu3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtext-iconv-perl", + "Namespace": "ubuntu:14.04", + "Version": "1.7-5build2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gccgo-4.9", + "Namespace": "ubuntu:14.04", + "Version": "4.9.1-0ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "xz-utils", + "Namespace": "ubuntu:14.04", + "Version": "5.1.1alpha+20120614-2ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "netcat-openbsd", + "Namespace": "ubuntu:14.04", + "Version": "1.105-7ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "coreutils", + "Namespace": "ubuntu:14.04", + "Version": "8.21-1ubuntu5.3", + "Vulnerabilities": [ + { + "Name": "CVE-2015-1865", + "Namespace": "ubuntu:14.04", + "Description": "\"time of check to time of use\" race condition fts.c", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1865", + "Severity": "Low" + }, + { + "Name": "CVE-2016-2781", + "Namespace": "ubuntu:14.04", + "Description": "nonpriv session can escape to the parent session by using the TIOCSTI ioctl", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781", + "Severity": "Medium" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "cpio", + "Namespace": "ubuntu:14.04", + "Version": "2.11+dfsg-1ubuntu1.1", + "Vulnerabilities": [ + { + "Name": "CVE-2016-2037", + "Namespace": "ubuntu:14.04", + "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2037", + "Severity": "Medium", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 4.3, + "Vectors": "AV:N/AC:M/Au:N/C:N/I:N" + } + } + }, + "FixedBy": "2.11+dfsg-1ubuntu1.2" + }, + { + "Name": "CVE-2015-1197", + "Namespace": "ubuntu:14.04", + "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1197", + "Severity": "Low", + "FixedBy": "2.11+dfsg-1ubuntu1.2" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "tar", + "Namespace": "ubuntu:14.04", + "Version": "1.27.1-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libffi", + "Namespace": "ubuntu:14.04", + "Version": "3.1~rc1+r3.0.13-12ubuntu0.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libgcrypt11", + "Namespace": "ubuntu:14.04", + "Version": "1.5.3-2ubuntu4.2", + "Vulnerabilities": [ + { + "Name": "CVE-2015-7511", + "Namespace": "ubuntu:14.04", + "Description": "ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7511", + "Severity": "Medium", + "FixedBy": "1.5.3-2ubuntu4.3" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "findutils", + "Namespace": "ubuntu:14.04", + "Version": "4.4.2-7", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gzip", + "Namespace": "ubuntu:14.04", + "Version": "1.6-3ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "klibc", + "Namespace": "ubuntu:14.04", + "Version": "2.0.3-0ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gnupg", + "Namespace": "ubuntu:14.04", + "Version": "1.4.16-1ubuntu2.3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "readline6", + "Namespace": "ubuntu:14.04", + "Version": "6.3-4ubuntu2", + "Vulnerabilities": [ + { + "Name": "CVE-2014-2524", + "Namespace": "ubuntu:14.04", + "Description": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-2524", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "lockfile-progs", + "Namespace": "ubuntu:14.04", + "Version": "0.1.17", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "fribidi", + "Namespace": "ubuntu:14.04", + "Version": "0.19.6-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "json-c", + "Namespace": "ubuntu:14.04", + "Version": "0.11-3ubuntu1.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "sysvinit", + "Namespace": "ubuntu:14.04", + "Version": "2.88dsf-41ubuntu6.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "base-files", + "Namespace": "ubuntu:14.04", + "Version": "7.2ubuntu5.3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ifupdown", + "Namespace": "ubuntu:14.04", + "Version": "0.7.47.2ubuntu4.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "resolvconf", + "Namespace": "ubuntu:14.04", + "Version": "1.69ubuntu1.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "bash", + "Namespace": "ubuntu:14.04", + "Version": "4.3-7ubuntu1.5", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "console-setup", + "Namespace": "ubuntu:14.04", + "Version": "1.70ubuntu8", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "pcre3", + "Namespace": "ubuntu:14.04", + "Version": "1:8.31-2ubuntu2.1", + "Vulnerabilities": [ + { + "Name": "CVE-2015-2328", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-2328", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2016-3191", + "Namespace": "ubuntu:14.04", + "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3191", + "Severity": "Medium", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8394", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8394", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8391", + "Namespace": "ubuntu:14.04", + "Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8391", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 9, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8390", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8390", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8382", + "Namespace": "ubuntu:14.04", + "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8382", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 6.4, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:N" + } + } + } + }, + { + "Name": "CVE-2015-8387", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8387", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8393", + "Namespace": "ubuntu:14.04", + "Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8393", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:N" + } + } + } + }, + { + "Name": "CVE-2015-8386", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8386", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8380", + "Namespace": "ubuntu:14.04", + "Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8380", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8385", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8385", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libsemanage", + "Namespace": "ubuntu:14.04", + "Version": "2.2-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gdbm", + "Namespace": "ubuntu:14.04", + "Version": "1.8.3-12build1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "xkeyboard-config", + "Namespace": "ubuntu:14.04", + "Version": "2.10.1-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ncurses", + "Namespace": "ubuntu:14.04", + "Version": "5.9+20140118-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "python3-defaults", + "Namespace": "ubuntu:14.04", + "Version": "3.4.0-0ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libarchive-extract-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.70-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "iproute2", + "Namespace": "ubuntu:14.04", + "Version": "3.12.0-2ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "liblocale-gettext-perl", + "Namespace": "ubuntu:14.04", + "Version": "1.05-7build3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "mawk", + "Namespace": "ubuntu:14.04", + "Version": "1.3.3-17ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "expat", + "Namespace": "ubuntu:14.04", + "Version": "2.1.0-4ubuntu1.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libcap2", + "Namespace": "ubuntu:14.04", + "Version": "1:2.24-0ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "initramfs-tools", + "Namespace": "ubuntu:14.04", + "Version": "0.103ubuntu4.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libestr", + "Namespace": "ubuntu:14.04", + "Version": "0.1.9-0ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtext-wrapi18n-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.06-7", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "debianutils", + "Namespace": "ubuntu:14.04", + "Version": "4.4", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "insserv", + "Namespace": "ubuntu:14.04", + "Version": "1.14.0-5ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "slang2", + "Namespace": "ubuntu:14.04", + "Version": "2.2.4-15ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "systemd", + "Namespace": "ubuntu:14.04", + "Version": "204-5ubuntu20.15", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "upstart", + "Namespace": "ubuntu:14.04", + "Version": "1.12.1-0ubuntu4.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "kbd", + "Namespace": "ubuntu:14.04", + "Version": "1.15.5-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "busybox", + "Namespace": "ubuntu:14.04", + "Version": "1:1.21.0-1ubuntu1", + "Vulnerabilities": [ + { + "Name": "CVE-2014-9645", + "Namespace": "ubuntu:14.04", + "Description": "modprobe wrongly accepts paths as module names", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9645", + "Severity": "Low" + }, + { + "Name": "CVE-2011-5325", + "Namespace": "ubuntu:14.04", + "Description": "path traversal vulnerability in busybox tar", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2011-5325", + "Severity": "Medium" + }, + { + "Name": "CVE-2016-2147", + "Namespace": "ubuntu:14.04", + "Description": "OOB heap write due to integer underflow", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2147", + "Severity": "Low" + }, + { + "Name": "CVE-2016-2148", + "Namespace": "ubuntu:14.04", + "Description": "heap overflow in OPTION_6RD parsing", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2148", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "eglibc", + "Namespace": "ubuntu:14.04", + "Version": "2.19-0ubuntu6.6", + "Vulnerabilities": [ + { + "Name": "CVE-2015-8778", + "Namespace": "ubuntu:14.04", + "Description": "hcreate((size_t)-1) should fail with ENOMEM", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8778", + "Severity": "Low" + }, + { + "Name": "CVE-2014-9761", + "Namespace": "ubuntu:14.04", + "Description": "nan function unbounded stack allocation", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9761", + "Severity": "Low" + }, + { + "Name": "CVE-2015-5180", + "Namespace": "ubuntu:14.04", + "Description": "DNS resolver NULL pointer dereference with crafted record type", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5180", + "Severity": "Low" + }, + { + "Name": "CVE-2013-2207", + "Namespace": "ubuntu:14.04", + "Description": "pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2207", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8776", + "Namespace": "ubuntu:14.04", + "Description": "Passing out of range data to strftime() causes a segfault", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8776", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8779", + "Namespace": "ubuntu:14.04", + "Description": "catopen() Multiple unbounded stack allocations", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8779", + "Severity": "Low" + }, + { + "Name": "CVE-2015-5277", + "Namespace": "ubuntu:14.04", + "Description": "The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5277", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-7547", + "Namespace": "ubuntu:14.04", + "Description": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7547", + "Severity": "High", + "FixedBy": "2.19-0ubuntu6.7" + }, + { + "Name": "CVE-2014-8121", + "Namespace": "ubuntu:14.04", + "Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8121", + "Severity": "Low" + }, + { + "Name": "CVE-2015-1781", + "Namespace": "ubuntu:14.04", + "Description": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1781", + "Severity": "Low" + }, + { + "Name": "CVE-2016-1234", + "Namespace": "ubuntu:14.04", + "Description": "glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1234", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-8777", + "Namespace": "ubuntu:14.04", + "Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8777", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "hostname", + "Namespace": "ubuntu:14.04", + "Version": "3.15ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "bzip2", + "Namespace": "ubuntu:14.04", + "Version": "1.0.6-5", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libnih", + "Namespace": "ubuntu:14.04", + "Version": "1.0.3-4ubuntu25", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "mpdecimal", + "Namespace": "ubuntu:14.04", + "Version": "2.4.0-6", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "openssl", + "Namespace": "ubuntu:14.04", + "Version": "1.0.1f-1ubuntu2.16", + "Vulnerabilities": [ + { + "Name": "CVE-2016-0797", + "Namespace": "ubuntu:14.04", + "Description": "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0797", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 5, + "Vectors": "AV:N/AC:L/Au:N/C:N/I:N" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-2842", + "Namespace": "ubuntu:14.04", + "Description": "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2842", + "Severity": "Medium", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 10, + "Vectors": "AV:N/AC:L/Au:N/C:C/I:C" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-0702", + "Namespace": "ubuntu:14.04", + "Description": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0702", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 1.9, + "Vectors": "AV:L/AC:M/Au:N/C:P/I:N" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-0705", + "Namespace": "ubuntu:14.04", + "Description": "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0705", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 10, + "Vectors": "AV:N/AC:L/Au:N/C:C/I:C" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-0798", + "Namespace": "ubuntu:14.04", + "Description": "Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0798", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.8, + "Vectors": "AV:N/AC:L/Au:N/C:N/I:N" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-0799", + "Namespace": "ubuntu:14.04", + "Description": "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0799", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 10, + "Vectors": "AV:N/AC:L/Au:N/C:C/I:C" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "diffutils", + "Namespace": "ubuntu:14.04", + "Version": "1:3.3-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "apt", + "Namespace": "ubuntu:14.04", + "Version": "1.0.1ubuntu2.10", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "debconf", + "Namespace": "ubuntu:14.04", + "Version": "1.5.51ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ubuntu-meta", + "Namespace": "ubuntu:14.04", + "Version": "1.325", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "rsyslog", + "Namespace": "ubuntu:14.04", + "Version": "7.4.4-1ubuntu2.6", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "dh-python", + "Namespace": "ubuntu:14.04", + "Version": "1.20140128-1ubuntu8.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libpng", + "Namespace": "ubuntu:14.04", + "Version": "1.2.50-1ubuntu2.14.04.1", + "Vulnerabilities": [ + { + "Name": "CVE-2015-8540", + "Namespace": "ubuntu:14.04", + "Description": "underflow read in png_check_keyword in pngwutil.c", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8540", + "Severity": "Medium", + "FixedBy": "1.2.50-1ubuntu2.14.04.2" + }, + { + "Name": "CVE-2015-8472", + "Namespace": "ubuntu:14.04", + "Description": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8472", + "Severity": "Medium", + "FixedBy": "1.2.50-1ubuntu2.14.04.2" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libmodule-pluggable-perl", + "Namespace": "ubuntu:14.04", + "Version": "5.1-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "mountall", + "Namespace": "ubuntu:14.04", + "Version": "2.53", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "cron", + "Namespace": "ubuntu:14.04", + "Version": "3.0pl1-124ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "acl", + "Namespace": "ubuntu:14.04", + "Version": "2.2.52-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libdrm", + "Namespace": "ubuntu:14.04", + "Version": "2.4.60-2~ubuntu14.04.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "util-linux", + "Namespace": "ubuntu:14.04", + "Version": "2.20.1-5.1ubuntu20.7", + "Vulnerabilities": [ + { + "Name": "CVE-2014-9114", + "Namespace": "ubuntu:14.04", + "Description": "blkid command injection", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9114", + "Severity": "Low" + }, + { + "Name": "CVE-2013-0157", + "Namespace": "ubuntu:14.04", + "Description": "(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-0157", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "tzdata", + "Namespace": "ubuntu:14.04", + "Version": "2015g-0ubuntu0.14.04", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "less", + "Namespace": "ubuntu:14.04", + "Version": "458-2", + "Vulnerabilities": [ + { + "Name": "CVE-2014-9488", + "Namespace": "ubuntu:14.04", + "Description": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9488", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "popt", + "Namespace": "ubuntu:14.04", + "Version": "1.16-8ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "init-system-helpers", + "Namespace": "ubuntu:14.04", + "Version": "1.14", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "mime-support", + "Namespace": "ubuntu:14.04", + "Version": "3.54ubuntu1.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "p11-kit", + "Namespace": "ubuntu:14.04", + "Version": "0.20.2-2ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "cgmanager", + "Namespace": "ubuntu:14.04", + "Version": "0.24-0ubuntu7.5", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libselinux", + "Namespace": "ubuntu:14.04", + "Version": "2.2.2-1ubuntu0.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "langpack-locales", + "Namespace": "ubuntu:14.04", + "Version": "2.13+git20120306-12.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "procps", + "Namespace": "ubuntu:14.04", + "Version": "1:3.3.9-1ubuntu2.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ureadahead", + "Namespace": "ubuntu:14.04", + "Version": "0.100.0-16", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "file", + "Namespace": "ubuntu:14.04", + "Version": "1:5.14-2ubuntu3.3", + "Vulnerabilities": [ + { + "Name": "CVE-2014-9621", + "Namespace": "ubuntu:14.04", + "Description": "The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9621", + "Severity": "Low" + }, + { + "Name": "CVE-2014-9620", + "Namespace": "ubuntu:14.04", + "Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9620", + "Severity": "Low" + }, + { + "Name": "CVE-2014-9653", + "Namespace": "ubuntu:14.04", + "Description": "readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9653", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "dbus", + "Namespace": "ubuntu:14.04", + "Version": "1.6.18-0ubuntu4.3", + "Vulnerabilities": [ + { + "Name": "CVE-2015-0245", + "Namespace": "ubuntu:14.04", + "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-0245", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "zlib", + "Namespace": "ubuntu:14.04", + "Version": "1:1.2.8.dfsg-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "netbase", + "Namespace": "ubuntu:14.04", + "Version": "5.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtasn1-6", + "Namespace": "ubuntu:14.04", + "Version": "3.4-3ubuntu0.3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "sed", + "Namespace": "ubuntu:14.04", + "Version": "4.2.2-4ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "e2fsprogs", + "Namespace": "ubuntu:14.04", + "Version": "1.42.9-3ubuntu1.3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "sensible-utils", + "Namespace": "ubuntu:14.04", + "Version": "0.0.9", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libusb", + "Namespace": "ubuntu:14.04", + "Version": "2:0.1.12-23.3ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "shadow", + "Namespace": "ubuntu:14.04", + "Version": "1:4.1.5.1-1ubuntu9.1", + "Vulnerabilities": [ + { + "Name": "CVE-2013-4235", + "Namespace": "ubuntu:14.04", + "Description": "TOCTOU race conditions by copying and removing directory trees", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "kmod", + "Namespace": "ubuntu:14.04", + "Version": "15-0ubuntu6", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ucf", + "Namespace": "ubuntu:14.04", + "Version": "3.0027+nmu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libpod-latex-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.61-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ubuntu-keyring", + "Namespace": "ubuntu:14.04", + "Version": "2012.05.19", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "perl", + "Namespace": "ubuntu:14.04", + "Version": "5.18.2-2ubuntu1", + "Vulnerabilities": [ + { + "Name": "CVE-2016-2381", + "Namespace": "ubuntu:14.04", + "Description": "environment variable confusion", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2381", + "Severity": "Medium", + "FixedBy": "5.18.2-2ubuntu1.1" + }, + { + "Name": "CVE-2013-7422", + "Namespace": "ubuntu:14.04", + "Description": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-7422", + "Severity": "Low", + "FixedBy": "5.18.2-2ubuntu1.1" + }, + { + "Name": "CVE-2014-4330", + "Namespace": "ubuntu:14.04", + "Description": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4330", + "Severity": "Low", + "FixedBy": "5.18.2-2ubuntu1.1" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "lsb", + "Namespace": "ubuntu:14.04", + "Version": "4.1+Debian11ubuntu6", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "makedev", + "Namespace": "ubuntu:14.04", + "Version": "2.3.1-93ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libterm-ui-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.42-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "isc-dhcp", + "Namespace": "ubuntu:14.04", + "Version": "4.2.4-7ubuntu12.3", + "Vulnerabilities": [ + { + "Name": "CVE-2015-8605", + "Namespace": "ubuntu:14.04", + "Description": "ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8605", + "Severity": "Medium", + "FixedBy": "4.2.4-7ubuntu12.4" + }, + { + "Name": "CVE-2016-2774", + "Namespace": "ubuntu:14.04", + "Description": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2774", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.1, + "Vectors": "AV:N/AC:M/Au:N/C:N/I:N" + } + } + } + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "liblog-message-simple-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.10-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "plymouth", + "Namespace": "ubuntu:14.04", + "Version": "0.8.8-0ubuntu17.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "audit", + "Namespace": "ubuntu:14.04", + "Version": "1:2.3.2-2ubuntu1", + "Vulnerabilities": [ + { + "Name": "CVE-2015-5186", + "Namespace": "ubuntu:14.04", + "Description": "log terminal emulator escape sequences handling", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5186", + "Severity": "Negligible" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libbsd", + "Namespace": "ubuntu:14.04", + "Version": "0.6.0-2ubuntu1", + "Vulnerabilities": [ + { + "Name": "CVE-2016-2090", + "Namespace": "ubuntu:14.04", + "Description": "Heap buffer overflow in fgetwln function of libbsd", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2090", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "iputils", + "Namespace": "ubuntu:14.04", + "Version": "3:20121221-4ubuntu1.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libgpg-error", + "Namespace": "ubuntu:14.04", + "Version": "1.12-0.2ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "pam", + "Namespace": "ubuntu:14.04", + "Version": "1.1.8-1ubuntu2", + "Vulnerabilities": [ + { + "Name": "CVE-2015-3238", + "Namespace": "ubuntu:14.04", + "Description": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-3238", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 5.8, + "Vectors": "AV:N/AC:M/Au:N/C:P/I:N" + } + } + }, + "FixedBy": "1.1.8-1ubuntu2.1" + }, + { + "Name": "CVE-2013-7041", + "Namespace": "ubuntu:14.04", + "Description": "The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-7041", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 4.3, + "Vectors": "AV:N/AC:M/Au:N/C:P/I:N" + } + } + }, + "FixedBy": "1.1.8-1ubuntu2.1" + }, + { + "Name": "CVE-2014-2583", + "Namespace": "ubuntu:14.04", + "Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-2583", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 5.8, + "Vectors": "AV:N/AC:M/Au:N/C:P/I:P" + } + } + }, + "FixedBy": "1.1.8-1ubuntu2.1" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "liblockfile", + "Namespace": "ubuntu:14.04", + "Version": "1.09-6ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ntp", + "Namespace": "ubuntu:14.04", + "Version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.6", + "Vulnerabilities": [ + { + "Name": "CVE-2016-0727", + "Namespace": "ubuntu:14.04", + "Description": "NTP statsdir cleanup cronjob insecure", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0727", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8158", + "Namespace": "ubuntu:14.04", + "Description": "Potential Infinite Loop in ntpq", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8158", + "Severity": "Low" + }, + { + "Name": "CVE-2015-7973", + "Namespace": "ubuntu:14.04", + "Description": "Deja Vu: Replay attack on authenticated broadcast mode", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7973", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8140", + "Namespace": "ubuntu:14.04", + "Description": "ntpq vulnerable to replay attacks", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8140", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8139", + "Namespace": "ubuntu:14.04", + "Description": "Origin Leak: ntpq and ntpdc, disclose origin", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8139", + "Severity": "Low" + }, + { + "Name": "CVE-2015-7976", + "Namespace": "ubuntu:14.04", + "Description": "ntpq saveconfig command allows dangerous characters in filenames", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7976", + "Severity": "Low" + }, + { + "Name": "CVE-2015-7979", + "Namespace": "ubuntu:14.04", + "Description": "Off-path Denial of Service (DoS) attack on authenticated broadcast mode", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7979", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8138", + "Namespace": "ubuntu:14.04", + "Description": "ntp: missing check for zero originate timestamp", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8138", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-7977", + "Namespace": "ubuntu:14.04", + "Description": "reslist NULL pointer dereference", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7977", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-7978", + "Namespace": "ubuntu:14.04", + "Description": "Stack exhaustion in recursive traversal of restriction list", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7978", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-7974", + "Namespace": "ubuntu:14.04", + "Description": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7974", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "newt", + "Namespace": "ubuntu:14.04", + "Version": "0.52.15-2ubuntu5", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "sqlite3", + "Namespace": "ubuntu:14.04", + "Version": "3.8.2-1ubuntu2.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + } + ] + } + }, + { + "Layer": { + "Name": "sha256:9e0bc8a71bde464f710bc2b593a1fc21521517671e918687892303151331fa56", + "Namespace": "ubuntu:14.04", + "ParentName": "sha256:27aa681c95e5165caf287dcfe896532df4ae8b10e099500f2f8f71acf4002a89", + "IndexedByVersion": 2 + } + }, + { + "Layer": { + "Name": "sha256:27aa681c95e5165caf287dcfe896532df4ae8b10e099500f2f8f71acf4002a89", + "Namespace": "ubuntu:14.04", + "ParentName": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "IndexedByVersion": 2 + } + }, + { + "Layer": { + "Name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "IndexedByVersion": 2 + } + } + ] +} \ No newline at end of file diff --git a/cmd/clairctl/clair/templates.go b/cmd/clairctl/clair/templates.go new file mode 100644 index 00000000..8dc151f0 --- /dev/null +++ b/cmd/clairctl/clair/templates.go @@ -0,0 +1,260 @@ +// Code generated by go-bindata. +// sources: +// templates/analysis-template.1.html +// templates/analysis-template.html +// DO NOT EDIT! + +package clair + +import ( + "bytes" + "compress/gzip" + "fmt" + "io" + "io/ioutil" + "os" + "path/filepath" + "strings" + "time" +) + +func bindataRead(data []byte, name string) ([]byte, error) { + gz, err := gzip.NewReader(bytes.NewBuffer(data)) + if err != nil { + return nil, fmt.Errorf("Read %q: %v", name, err) + } + + var buf bytes.Buffer + _, err = io.Copy(&buf, gz) + clErr := gz.Close() + + if err != nil { + return nil, fmt.Errorf("Read %q: %v", name, err) + } + if clErr != nil { + return nil, err + } + + return buf.Bytes(), nil +} + +type asset struct { + bytes []byte + info os.FileInfo +} + +type bindataFileInfo struct { + name string + size int64 + mode os.FileMode + modTime time.Time +} + +func (fi bindataFileInfo) Name() string { + return fi.name +} +func (fi bindataFileInfo) Size() int64 { + return fi.size +} +func (fi bindataFileInfo) Mode() os.FileMode { + return fi.mode +} +func (fi bindataFileInfo) ModTime() time.Time { + return fi.modTime +} +func (fi bindataFileInfo) IsDir() bool { + return false +} +func (fi bindataFileInfo) Sys() interface{} { + return nil +} + +var _templatesAnalysisTemplate1Html = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xec\xbd\x6b\x77\xe3\x46\x92\x20\xfa\x7d\xce\x99\xff\x40\xd1\xb6\x4c\x5a\x20\x8b\x6f\x49\xa4\x29\x8d\xbb\xec\x1e\x7b\xd7\xee\xee\x6d\x7b\x66\x7b\xaf\x4a\xde\x03\x02\x20\x89\x2a\x90\x60\x01\xa0\x54\x32\xc5\xfe\xed\x37\xf2\x05\xe4\x23\x12\x00\x55\xe5\x9e\xb9\xe7\x76\x57\xbb\x0a\xcc\x8c\x8c\x8c\x8c\x8c\x8c\x88\x8c\x7c\x7d\x7d\xf6\xed\x9f\x5f\xff\xf2\x7f\xfe\xf2\x5d\x63\x9d\x6d\xa2\x9b\x7f\xfd\x97\xaf\xc9\xbf\x8d\xc8\xdd\xae\xe6\xcd\x60\xdb\x84\x14\x92\x16\xb8\x3e\x7c\x35\x1a\x5f\x6f\x82\xcc\x6d\x78\x6b\x37\x49\x83\x6c\xde\xdc\x67\xcb\xce\x55\x53\xca\x59\x67\xd9\xae\x13\xbc\xdf\x87\x0f\xf3\xe6\xdf\x3a\xff\xf1\x4d\xe7\x75\xbc\xd9\xb9\x59\xb8\x88\x82\x66\xc3\x8b\xb7\x59\xb0\x85\x62\x3f\x7c\x37\x0f\xfc\x55\x20\x17\xdc\xba\x9b\x60\xde\x7c\x08\x83\xc7\x5d\x9c\x64\x12\xec\x63\xe8\x67\xeb\xb9\x1f\x3c\x84\x5e\xd0\xa1\x3f\x9c\x46\xb8\x0d\xb3\xd0\x8d\x3a\xa9\xe7\x46\xc1\xbc\xcf\x88\x04\x4c\x59\x98\x45\xc1\xcd\xf7\x4f\xbb\x20\xf1\x22\x37\x4c\x1a\x7f\x0d\x08\xb6\xf4\xeb\x57\x2c\x87\x02\xa5\xd9\x13\xff\xfc\xea\x40\xfe\x6e\x34\x96\x50\x57\x67\xe9\x6e\xc2\xe8\x69\xda\x68\xfe\xb8\xf7\x42\xdf\x6d\xbc\x8e\xb7\x69\x0c\x54\x3b\x8d\x9f\xe2\xad\xeb\xc5\x4e\x63\x13\x6f\xe3\x74\xe7\x7a\xc1\x8c\x14\x3b\x92\xbf\xba\xdf\x06\x4b\xa0\xb4\xcf\x11\x2d\x5c\xef\xdd\x2a\x89\xf7\x5b\xbf\xe3\xc5\x51\x9c\x4c\x1b\x8b\x08\x92\x66\x2c\x97\x27\x3d\xae\xc3\x4c\x46\xf1\x3a\x81\xc6\x40\x43\xac\x38\x92\xd5\xa2\xd5\x1f\x5f\x39\x8d\x09\xfc\xbf\xad\x22\x2b\xf0\x33\x64\xdf\x87\xab\x75\x39\xa2\xab\x4b\xa7\x31\xa4\xff\x55\xa0\xfa\x29\xf0\xc3\xfd\xa6\x14\xd9\xa0\x3f\x74\x1a\xfd\x4b\xc0\x36\x18\x55\x60\xfb\x31\x7e\x2c\x45\x35\x1a\x03\xa6\xf1\xc8\x69\x8c\x86\x65\x98\x28\xae\xcc\x05\x71\x6a\x1c\xa8\x30\x4c\x1b\xee\x3e\x8b\x67\xac\x92\x87\x7d\xf4\x3a\x8e\x0e\x0d\x9e\xd3\x1f\xf4\x76\x1f\x1a\x67\xe1\x86\x08\x81\xbb\xcd\x66\x9c\x96\x70\xa1\x40\x5d\x21\x50\x04\xee\xd5\x57\x67\x94\x90\xaf\x1a\x7f\x88\xe3\x2c\xcd\x12\x77\xd7\x78\x18\x76\x87\xdd\x71\xa3\x45\xe4\x7c\xfa\xea\xd5\x2a\xc8\x16\x22\xaf\xeb\xc5\x9b\x36\x2f\xf0\x3a\xde\x3d\x25\xd0\x15\x59\x63\xd0\xeb\xf7\x3b\xf0\xd7\xb8\xf1\xcb\x63\x98\x65\x41\xe2\x34\x7e\xd8\x7a\x5d\x0e\xf7\x23\x08\xf5\x36\x0d\xfc\x06\x70\x23\x48\x1a\x3f\xfd\xf0\x0b\x43\x9d\x12\xdc\x61\xb6\xde\x2f\x08\xd6\x57\xd9\xe3\x22\x7d\x95\x57\xf4\x6a\x11\xc5\x8b\x57\x1b\x37\x05\x6c\xaf\x7e\xfc\xe1\xf5\x77\x7f\xfa\xf9\x3b\x5e\xf1\x2b\xa0\xb9\xb1\x8d\x93\x8d\x1b\x85\xbf\x05\x5d\x2f\x4d\x09\xc5\xbd\xee\xb0\xf1\x4c\x91\xf3\xfa\xe0\x97\x84\x7d\x1b\x00\xa7\xdd\xf4\x95\x5a\xee\xab\x57\x44\x11\x1c\xe4\xb1\x91\xba\xdb\xb4\x93\x06\x49\xb8\x9c\x75\x1e\x83\xc5\xbb\x30\xeb\x64\xc1\x87\xac\x93\x42\x99\x8e\xeb\xbf\xdd\xa7\xd9\xb4\xdf\xeb\x7d\x31\xeb\x6c\x52\x3c\xe7\xb8\x88\xfd\xa7\xc3\xc6\x4d\x56\xe1\x76\xda\x3b\xba\x09\x48\x7e\x14\x38\x6e\x1a\xfa\x81\xe3\x83\x1e\x08\xa3\xd4\x59\x86\x2b\xcf\xdd\x65\x61\xbc\x25\x9f\xfb\x24\x70\x96\xd0\x74\xe0\x1c\xd1\x42\xe4\x1f\x22\x3d\x3b\x67\xe3\x86\x5b\x67\x13\x6c\xf7\xce\xd6\x7d\x70\xd2\xc0\xa3\x25\xd2\xfd\x06\xd0\x3f\x1d\xfc\x30\xdd\x45\xee\xd3\x14\x78\xe5\xbd\x3b\xba\x7b\x3f\x8c\x1d\xcf\xdd\x3e\xb8\xa9\xb3\x4b\xe2\x55\x12\xa4\xa9\xf3\x00\xb5\xc6\x39\x64\xb8\x8d\xc2\x6d\xd0\xa1\x05\x66\x0f\x41\x42\x07\x65\x07\x18\xb2\xda\x4e\x17\x6e\x1a\x90\x5c\x86\x68\xba\x8d\xb3\xd6\x1d\xd1\x50\x49\x1c\xa5\xf7\xed\x1c\xc5\x36\xde\x06\xb3\x75\x40\x3a\x1e\x5a\x77\xb7\x0e\x7d\x3f\xd8\xde\x3b\x59\xb0\x81\xec\x2c\x50\xe0\x8e\xee\xc1\x18\x09\xd0\xbb\x5b\xd0\x30\x09\x28\xbe\xa3\x3b\x75\xa1\x45\x0f\xc0\x9c\xe9\x3a\x06\x72\x0e\xf1\x3e\x23\x24\x10\xb6\x2d\x16\xc9\x1d\xd5\x68\xf7\x87\x45\x9c\x00\x4f\x3a\x8b\x38\xcb\xe2\xcd\xb4\x0f\x92\xec\xc3\x67\xe0\x1f\x17\x0e\x08\x4b\xbc\x5d\xb1\x1e\x7c\x64\x44\x5d\xf6\x7a\x47\x7f\xb9\x65\x69\x54\x11\x4e\xc3\x0c\x9a\xe8\x1d\xd7\x7d\xd1\x2d\xdd\xc9\x65\xb0\x69\xf4\x66\x0c\x06\x3a\x70\x3a\x08\x36\x47\xc8\x7c\x77\x60\x54\x7e\xd6\xeb\xf5\x66\x05\xed\xd3\xcf\x96\xcb\xde\x31\x05\xd1\xe1\xd2\x42\xcb\x5c\x41\x67\xa7\x7b\x20\x62\xbf\x3b\xec\xe2\x34\x24\x9d\x33\x4d\x02\x60\x03\xb4\x49\xc2\x7d\x39\xfe\x62\x46\xf9\x2e\xd8\x66\x65\x3d\xc1\x94\xc5\xbb\x69\xa7\x3b\x06\x7a\x00\xf7\x81\x37\xba\xd3\x1d\x90\x94\x70\xb3\xe2\xdc\x00\x16\xa5\x0f\x2b\xda\x4b\xd3\x04\x44\xa7\x7d\x20\x0c\x5c\x46\xf1\xe3\x94\x75\xc9\x91\xc9\x95\x68\x71\x1f\xda\x3b\x02\x25\x70\x5c\x27\x87\x9c\x0c\x21\xe1\x8b\xf8\x03\xa1\x34\xdc\xae\xa6\xdc\x26\x91\x24\x10\xf1\xf8\x37\x5b\x1e\x9e\x7c\xdc\x41\x8d\x39\x21\x44\x6b\x1d\xbd\x18\xc4\xfe\xdd\xc2\x07\x91\x0c\x9c\xd4\xdd\xec\x94\xe1\x96\xdb\x1b\xa7\xb0\x3c\x05\xe3\x80\xe8\xe3\x62\x0f\x0c\xd8\x3a\xe1\x76\xb7\xcf\x9c\x78\x97\xb1\x81\x01\xfc\x82\xc1\xe0\x90\x01\x08\xa2\xe4\xe6\xc3\x8d\x16\x06\x31\x5f\xc3\x08\xce\x66\xac\x2f\xf9\x2f\x8e\xa9\x20\xef\x21\x4c\x89\xcd\x16\x35\x30\x94\x07\x3a\xa6\xa9\x90\x2e\x41\x57\x30\x31\xe6\x10\xd4\x6b\xa0\x84\xdc\x65\x60\x7f\xe7\x2c\xf9\xde\x91\x92\x60\xcc\x05\x99\x92\x02\x9d\xb8\x09\xb3\xfb\x83\xe0\xb5\xbb\xdb\x05\x2e\xa0\xf7\x82\x29\x2b\x3f\xf3\xf6\x49\x0a\x64\xee\xe2\x10\xf8\x98\xf0\xca\xee\x60\x1c\x11\x13\xe0\xdf\xcb\xd5\xe6\x89\x07\x5e\xc8\x0f\x96\xee\x3e\x12\x6d\x9b\x4e\x69\x97\x2d\x63\x6f\x9f\x76\xc2\xed\x16\x14\x09\x2d\x67\xa6\x1f\x76\xae\xef\x93\xce\x03\x29\x17\xf2\x44\x41\x0f\xb2\xa0\x32\x6d\x79\x94\x5a\xe3\xad\x03\xef\x1d\x74\xb4\xda\x68\x17\x14\x46\xd1\x42\x49\x34\xf2\x91\x6b\x0a\x93\x94\x85\xa7\xe6\x14\xca\xf5\x6f\xf7\x9b\x45\x90\xdc\x43\x83\x78\x65\xb4\x35\x9d\x74\x17\x6e\x3b\xb2\xa4\x58\xa0\x41\xbf\xa8\xd0\x62\x2c\x50\x51\x95\x7b\x0d\xfa\xc8\x5b\xa3\x6d\xfa\xb8\x11\x32\x43\xe4\x80\x88\xdc\x32\x0c\x22\x1f\xa1\xa0\xa0\x9d\x25\x74\x3c\x52\x24\x42\x1a\x6b\x2b\xe0\x83\xe9\x4b\x5c\xa2\x9b\x30\x19\xa4\xf2\x4d\x2b\x07\xc1\xcd\xa5\xa2\x3b\x04\x6d\xd3\xe8\x4e\x06\xf4\x9f\x4b\xf8\x7b\x26\x46\x58\x63\xb0\xfb\x20\x64\x86\xa8\x62\x70\x20\x43\xbf\x91\x86\x11\x0c\xab\x63\x14\xac\x82\xad\x8f\x09\x57\x3e\x52\x55\xed\x20\x06\xb4\xa1\xc1\xa9\xff\x23\x34\x3f\xd1\x0b\x32\x3e\x62\x4a\x22\x77\x97\x06\x53\xf1\x71\xcc\x7c\x27\x5b\x17\x15\x1f\x89\x93\xf0\x73\xbc\x4f\xa0\x89\x0d\xc4\xdb\x58\x8f\x17\x3b\x6a\xfc\xc7\xd0\x29\x61\x14\x24\xd4\x78\x29\x5e\x47\x9a\x78\xaf\xc0\x49\x78\x45\x6c\x30\xf7\x16\xfe\x6d\x03\xfe\xa2\xdb\xd8\x25\x30\x52\x0f\x5f\x39\x53\x77\x49\x4c\xf6\x74\x11\x80\xaa\x08\x24\xcb\x21\x39\x5a\xcc\x45\x58\xbb\x3e\xb4\x98\xf0\x5a\xca\x92\xcc\x4b\xaf\x21\x97\x51\x84\x0e\x2f\x6a\xcb\x39\xba\x60\x4b\x89\x62\x03\xf3\xc8\x54\x59\xd1\xfd\x53\xea\x80\x31\x13\x7f\xb7\x4e\x82\xe5\x3d\x6b\xc0\x81\x8b\xe7\xb4\xd9\x68\x35\x1b\x6e\x96\x25\x2d\x92\xdb\x6e\x34\xdb\x4d\xd9\x0e\x5b\xa1\x69\x36\x07\xa7\x88\x7f\x9d\x37\xdf\xba\xe0\x86\x78\x49\xb8\x03\x40\x5e\xd2\xc9\x33\x3f\x6b\x1a\xc8\x9a\x47\xea\x94\xbc\xdf\x83\x17\x44\x4c\xc5\xc1\x10\xb1\xcf\xae\xaf\xaf\x41\x29\xac\xc0\x7d\x01\x39\x7a\x07\x23\x9f\x78\x54\x53\xf7\x21\x0e\xfd\x63\x46\xfc\xa6\xdc\xf7\xa0\xc2\xd3\x61\xae\x54\x87\xca\x17\xb1\x9c\x4e\x46\xd4\x1e\x5e\x9e\x18\xd6\x8d\xfb\x81\x4d\xbe\xa8\x1b\x27\xf1\x74\x3d\x70\xd6\x43\x67\x77\x88\x93\xdd\x1a\xec\xc2\x74\x38\x03\xb0\xf8\x11\x3e\x58\x96\x8c\x95\x36\x8b\x23\xed\x82\xd3\xb6\x70\x13\xd5\x25\xea\x2e\xb2\xed\x4d\xd7\x83\xb1\x90\x39\x5d\x3f\x89\x77\xfb\xdd\x8d\x94\x26\x44\x1e\xbc\x80\x0e\x26\x50\xc7\x6e\xe4\x2e\x82\x08\x61\x0f\x80\x1d\xbb\xca\xb0\x31\x46\x89\x8c\x86\x4d\x30\x60\xd8\x88\xaf\xb5\xe9\xab\x81\xd7\xb3\x34\xca\x74\x18\x76\x70\xe8\xf3\xc2\x52\xd2\x1a\xa1\xcc\xf7\x7d\x09\xcb\xf1\xdf\xb8\x03\xe0\x05\x8a\x2b\xf0\xe5\xbf\x47\x4f\xbb\x75\x08\x12\x91\x36\xbe\x77\xa3\x25\x08\xea\x2a\xfd\x72\x06\xc3\x70\xba\x4f\xa2\x56\xb7\xfb\x8a\x40\xa7\xaf\x56\x39\x58\x67\x2d\xc0\x3a\x49\xb0\xda\x47\x6e\xd2\x0d\xc0\x13\x3a\xbd\xc8\xed\x67\x61\xb0\x0c\x3f\xb4\x1b\xc4\xe4\xbb\x59\xeb\xcb\x00\xec\x06\x38\x51\x7e\x27\xde\x81\x74\x82\x76\xfd\xb2\xed\xd4\xc7\xf8\x18\x2f\x97\x83\x02\x19\xfd\x79\x32\x02\xb5\xfc\x49\xc5\xb3\x4c\x2a\x9d\x25\xfb\xe0\xe4\x16\x80\x6b\xf9\x59\x01\xf0\x7f\x73\x00\x9e\x5f\x60\x07\xc0\x2f\xdb\xc7\x6e\x0e\x8b\xf8\xc1\xc4\x9f\x05\x61\x98\xa1\x73\x90\x1a\x02\x20\xf9\xf1\xcc\x1f\x99\xc9\xb6\x62\x04\x7e\xba\xec\xb2\xf4\x73\xed\xc9\xca\x6d\xc0\x37\x5e\x13\x93\x00\xa2\x17\x82\xb7\x0d\x9e\xb6\xcf\xcc\x76\x9c\x7e\xd0\x61\x56\x89\xfb\x44\xe3\x2d\x52\x8b\x3a\xd4\x1a\x84\xe9\xbb\x42\xcd\x73\x95\xf5\x66\xe0\x36\x65\xc0\x5d\xb4\x4f\x11\xa0\x85\x02\x14\xec\x13\x0e\xe3\xa8\xa9\x31\x52\xb4\xe7\x7a\x4a\xe1\x4d\xb8\x45\xab\x18\xf4\x07\x0a\x9c\x17\xc5\x7b\x1f\x81\x9b\xf4\xfa\x2a\x31\xdb\x87\x20\x02\x11\x47\x40\x2f\x7b\xd7\x6a\xe3\x82\xad\x17\x46\x28\xe0\x52\x01\x5c\xc1\x34\x1b\xa1\x31\xe8\x69\x75\x6f\xf6\x69\xe8\xa1\x70\x6a\x5b\x98\x17\x83\x02\x0e\x15\x40\x50\xf7\x49\x86\xc2\x8d\x55\x84\xe0\x87\xa0\x60\x13\x03\xac\x03\x93\xda\xec\x09\x05\xbe\x54\x80\xf7\x69\x80\xe3\xbc\x52\xc0\x96\x61\xb4\x41\xc1\x54\x5e\x67\xeb\x0e\x0c\xb2\x15\xd2\x2d\x41\xaf\xdf\xd3\x40\x51\xa0\xbe\x81\x2f\x4c\x51\xde\x68\x82\x13\x23\x52\x0e\x40\x2a\xa3\x93\x60\x03\x4e\x1c\x0a\x38\x52\x00\x7f\x8b\xe3\x0d\x98\x59\x14\x72\x6c\x42\x82\x73\x8e\x82\xaa\xfd\x02\xca\x10\x85\x52\x3b\x24\x85\x69\xb5\x8b\x88\x2b\x00\xaa\x5d\xe2\xc5\x2b\x14\x4a\xeb\x91\xc4\x4d\x51\x4e\x0f\xd4\xee\x58\xc7\x1b\x94\x31\x83\xbe\x2e\x07\x38\x98\xda\x1b\x59\x68\xc1\xa6\xf5\x47\xec\x22\x83\x1d\xc0\xd4\xde\x00\x8f\x65\x1b\x01\x68\xc7\x8d\x50\x3e\x0f\xc6\x28\x38\x0a\xaa\x76\xc9\x7e\x67\x05\x54\x7b\x25\xdc\x82\xe3\x8a\xc2\x5d\x69\x9a\xd4\x7d\xea\x78\x61\xe2\x59\xd8\x74\xad\xc9\x23\xcc\x66\xd0\x26\x0d\x7b\x1a\xe0\x12\xe6\xe7\x68\x3f\x0e\xd5\x0e\x22\xc3\xc5\xc6\xa7\xa1\xda\x49\xc4\x8c\xa1\x60\x6a\x27\x2d\x23\x17\x15\xb4\xe1\x48\x57\x62\xfe\x6e\x0d\x7e\x22\xaa\x42\x87\x6a\x17\x3d\xc4\xd1\x7e\x13\xd8\x46\xc4\x70\x82\x01\x93\x6e\x45\xa1\x2f\x31\xe8\xfd\x0e\x85\x55\x7b\xeb\x7d\x42\x62\x3c\x28\xa0\xda\x51\xe0\x0b\xdb\x20\x47\x9a\x5a\xc3\x99\x35\xea\xeb\x50\x28\x9b\x46\x6a\x0f\x2d\x62\x5c\xad\x8d\x86\x06\x18\x89\x00\xa2\xa0\x6a\x2f\xd1\x09\x20\x0a\xa7\x76\x90\xe7\x6e\x82\xc4\x45\x01\xd5\xce\xa1\x51\x2b\x0c\xec\x52\x23\x31\x42\x87\xd9\x48\xed\x10\x16\xee\x44\x01\x35\xb5\x46\x26\x88\xdc\x71\x42\xa0\xc7\x3d\x13\x9a\x4d\x90\x30\x60\xb5\x6f\x68\x60\xb3\x13\x05\x4b\x1c\xf3\x00\x01\xf6\x02\x12\xff\x42\xc1\x87\x08\x78\x62\x25\x7b\x84\x40\x93\xf0\x7c\xb8\x44\x6d\xf9\x78\x6c\x8c\x7d\x14\x6c\xa2\xe9\x32\x9f\x84\x74\xac\x2d\xd4\x35\x1f\x85\xb6\xd3\xac\x39\x0a\x30\x39\x22\xda\xbf\x43\xc3\xf7\x68\x01\xcd\x3d\x0b\xbd\x6c\x9f\xa0\x43\x6b\xa2\xf6\xe2\xc6\xdd\x75\x88\x98\xe3\x9c\x9e\x68\x1d\xc3\x96\x35\x30\xc0\xa1\x66\xaa\x70\x01\x9e\xa8\x7d\x11\xf8\x21\x0e\xa6\xb9\x68\x6b\xd7\xd2\x16\xb5\x0f\x68\x34\x12\x85\x53\xb9\x6f\xf3\x57\x26\x57\x9a\xcb\x17\xec\x3a\x64\x12\xfc\xe8\x26\xe8\x38\x9b\x5c\x6b\xbd\x04\x56\xa2\x0c\xfe\xb2\xa7\xe9\xbf\x12\xd0\xbe\x61\x01\x51\x30\xb5\x7f\x76\x2e\x78\x9e\x28\xdc\x50\x6b\x59\x8c\x6a\xf2\xcb\x91\xa6\x86\x12\x2b\x7d\x63\xb3\xe9\x65\xe0\xba\x33\x0d\x9c\x2d\x03\x57\xfb\x2b\x78\x1b\x78\xa8\x9c\x5c\x5e\xe9\xfd\xff\x90\xc4\x76\x35\x73\x79\x8d\x82\x5b\x47\xe1\x55\xcf\x98\xd0\x51\x4f\x12\x85\xed\x9b\x53\x33\x3b\xf0\x00\xf1\xa0\xed\xd0\x43\xcd\x29\xb7\x43\xaa\xfd\xf7\x7e\x1f\xa4\x64\xf2\x6d\x87\x1f\x6b\x5a\x69\x19\xdb\x61\xb5\x2e\xf4\x92\x20\xd8\xa6\xeb\x18\xe7\xdc\x25\xd6\x40\xbb\x0b\x77\x75\xa5\x37\xb1\x04\x56\xf7\x22\xb6\x25\xc0\xd7\x6a\x17\xba\x49\x12\x3f\x5a\xe5\xe3\xba\x8f\x00\x5b\xa5\xe3\x7a\x80\x40\xe3\x1e\xd2\xf5\x10\x01\xb5\xb9\x5e\xd7\x23\x53\xf9\xd9\x9c\xcf\xeb\xb1\xc6\x67\xba\xfa\xbc\xdc\x47\xe8\x5c\xe7\x7a\x82\x41\xd3\x65\x4c\x14\x5c\x1b\x85\x1f\xbc\xc8\xdd\xb8\x65\x02\xd5\xd7\x26\xf5\xab\x10\x65\x74\x5f\x9b\xd3\x47\x81\x8b\xb9\xac\x7d\x6d\x46\xbf\x0c\x51\x2b\xd0\xef\x69\x46\xe5\x29\xa0\x71\x3a\x14\x74\x6c\x80\x7a\x51\x8c\xea\xcc\xbe\x16\x00\x00\x5d\xb5\x0d\xb7\x2b\x7b\xd3\x2f\x75\x8d\xbd\xc5\xd1\x6a\x3a\xcb\x8d\x82\xad\x8f\x86\x20\xfa\x5a\x1c\x20\x71\xb7\x7e\x8c\x05\x0c\xfa\x5a\x14\xc0\x8b\x37\x9b\x00\x35\xc0\x7d\x2d\x14\xb0\x71\x57\xdb\x00\x07\x1c\xa0\xba\x12\x95\xef\xbe\x16\x11\x10\xc0\x16\x09\xef\x6b\x71\x81\x24\xc8\x1e\x03\x0b\x15\xba\x23\x10\xef\x76\xa4\x13\x3c\x3c\xb6\xd3\xef\xeb\x7e\x74\x44\x03\xdf\xb6\x2e\xd6\xa2\x04\x1c\xdc\x26\x3c\x5a\xa8\x80\x0f\x1f\xb1\x76\x8f\x96\xd0\x67\xa6\xb4\xc4\x3a\x4e\xc2\xdf\x00\x0a\x2f\xa3\x87\x10\x7c\xcc\x42\xf6\xb5\x08\xc2\x02\x46\x3c\xa0\x45\xc9\xd6\xa2\x08\x8b\x00\x1d\xed\x7d\x2d\x8a\xe0\x91\x66\x2d\xa1\x61\x19\xca\x39\x2d\x98\x90\xad\xf7\x9b\x45\x6a\x91\x0e\x2d\x92\xc0\x61\x6d\xc2\xa1\x05\x13\xd6\x20\xf4\x56\x1d\xdc\xd7\x02\x0a\x14\xd8\xa2\xdd\xfb\x5a\x50\x81\xc2\x5a\x08\xbe\x36\x21\x6d\xe4\x6a\x31\x05\x66\x89\x2a\x4c\x47\x5f\x0b\x2f\x28\x85\x6c\xe4\x6b\x71\x06\xa5\x0c\xde\x0c\x2d\xe4\xa0\x94\xb0\x36\x47\xed\xd7\x55\x14\x2f\xd0\xfe\xd7\x42\x0f\x8f\x49\xb0\x45\xa3\xb2\x7d\x2d\xec\x90\xb9\xe9\x3b\x6c\x92\xde\xd7\x02\x0e\xcb\x30\xc2\x27\x7f\x7d\x2d\xda\xb0\x48\xc2\x60\xe9\xb9\xf8\xf8\xd6\x02\x0e\xc4\x2e\x32\xbf\x05\x03\xd6\x62\x0e\xbe\x9b\xae\x17\x31\xee\xa0\xf6\xb5\xc8\xc3\xce\xa5\xdb\x2f\x43\xb4\x1b\xb4\xf0\x03\x8d\x4b\x5b\x23\xc9\x7d\x2d\x0a\x11\x85\x5b\x6c\x46\xd3\xd7\x23\x10\x24\x46\x84\xc2\xa9\xfd\xb4\xdb\xa7\xeb\x1d\x1a\x82\xed\x6b\x21\x88\x7d\x8a\x37\x5c\xe5\xfe\x6a\x81\x37\x59\xe5\x7b\x1a\xe3\xda\x5a\x0b\x28\x10\xb0\xce\xe2\x09\x7c\x9d\xdd\xda\x5d\xe0\x06\x41\x0b\x2b\xe8\x45\x2c\x7e\x52\x5f\x0b\x30\x88\x62\x6c\x69\x12\x83\x1f\xda\xe1\xad\x75\x8c\x70\xd2\xb2\x2c\x09\x17\xfb\x0c\x0d\xe1\xf5\xb5\x60\x83\x59\xc8\x5a\x9b\xd6\x5d\x5b\x3a\xf9\x0d\xd0\x4e\x1b\xeb\x8e\xdc\x0e\x34\x1a\x0a\xa8\x07\xc3\xd9\x3a\xb1\x55\x5b\x68\x51\x87\x1c\x1e\xd7\x47\x5a\xe4\x21\x8a\x57\xf8\x6a\x40\x7f\xd2\xd7\x63\xa5\x68\x94\xb6\x3f\xd1\x43\xaf\x2b\xcb\xa2\x41\x5f\x0b\x4f\x6c\x83\xc7\xce\x63\xb8\x25\xfb\x25\x30\x60\xdd\x3d\xf1\x62\x5c\x0b\xe8\x61\x0a\x17\x0d\x2b\xf4\xb5\x28\x85\xcd\xbd\xd0\x82\x14\x04\x1b\x5e\xab\x16\xdd\xa3\x2b\xe9\x28\xe0\xb5\xde\xed\x16\x40\x2d\x2e\x91\x06\xb8\x74\x5c\xea\xdd\x02\xce\xd8\x53\xc7\x47\xd7\x42\x01\x7a\x80\x41\x5b\x5b\x75\xa9\xc7\xc7\x29\xb8\x75\x6d\xa9\xaf\x87\x2a\x0a\xf4\x28\xf4\x18\x83\xb6\xf5\x84\x16\xad\x00\x8b\xe1\x87\x19\xf1\x39\x71\xca\xd5\x7e\x63\x7b\x05\x71\xb5\xa2\xc7\x2b\xf6\x59\x14\x24\xa8\x19\xd0\x42\x15\x6c\xef\x0a\x06\x78\x65\xb8\xfe\x3b\xb2\xd1\x17\x67\xb2\x16\xa4\x00\x4b\x64\x35\x1c\x5a\x88\x82\xc2\xd9\x74\x91\x16\xa0\xc8\xe2\x47\x0b\xad\x9a\x86\xcc\xdc\x0c\x55\x8a\x5a\x58\x22\xf5\xad\x71\xcf\xbe\x16\x95\x58\x97\x81\x6a\xe3\x6b\xbf\xa0\x1b\x95\x70\x0a\xb4\x48\x20\xdd\x04\x43\x16\xfe\x2d\xa8\x75\x7b\xb7\xa7\x1e\x63\xb4\x40\xfb\xf6\x5a\x37\x7b\x04\x7a\xdc\xe9\xa3\xb0\xba\xbd\x23\xb0\x13\x0b\xac\x6e\xe4\x08\xec\xa5\x05\x56\xf3\x0d\xc5\xe6\xfd\x8e\x65\xc9\xa3\x7f\xad\x2b\xc5\x55\x48\x76\xe6\xd3\x68\x80\xb5\x8c\xb6\xfc\x41\xb6\x21\x94\x2d\x24\xf6\xb5\x88\x03\x2b\x60\x5d\x4e\xec\x5f\x5f\x69\x23\x2f\x80\xe9\x7c\xbc\x0d\x2d\xa3\xef\x5a\x5f\xc4\x05\x70\x3f\xf0\x42\x7f\x1f\x63\xdb\x28\x82\x41\x4f\x1b\x5b\x18\x11\x03\x2d\xe4\x41\x34\x90\x6d\x41\x77\xa0\xc5\x3d\x88\xfe\xb1\xc3\x6a\x8e\x60\xf0\x10\x44\xb8\x61\x1d\x68\x01\x10\xd2\x99\x28\x98\xe6\x0b\x92\x9d\x2c\x28\x9c\x3a\xa6\x5c\xd0\x51\xd8\xb0\x1f\x68\xe1\x89\xe0\xfd\x9e\x1e\xa5\xc0\x78\x3f\xd0\x22\x14\xef\xe8\xe6\x5e\x04\xac\xaf\x07\x30\x51\x0d\xad\x6f\x70\xd9\xb9\xa8\x7f\x32\xd0\xe2\x12\x8b\x90\x04\x10\x50\x40\x95\x83\xef\xb6\x96\x99\xdb\x40\x0b\x48\x2c\x5c\x70\xd6\x00\x68\xb3\x8f\xb0\x75\xbd\x81\x16\x8f\xc8\xd0\xa8\xcc\x60\xb2\x54\x77\x0e\xd1\xe3\x3f\xb6\xb9\xc7\x40\x0b\x43\x2c\x50\x55\x3f\xd0\x42\x0f\xee\x6e\x87\x89\xd9\xf2\x6a\xa9\x6e\xd7\x09\x12\x7c\x2a\x35\xd0\x02\x0e\xeb\x78\x9f\x58\xb6\xf6\x0c\x86\x7d\x75\x8f\x53\xe4\x6e\x50\xa6\x6b\x11\x07\x1f\x06\xba\x2d\xde\x30\xd0\xe2\x0d\xbb\x70\xb5\x7a\x22\xa1\x5f\x4c\xef\x0c\xb4\x80\x43\xea\x85\x29\x38\xd6\xe8\x10\xd7\xa2\x0d\x8b\x30\xf3\x62\xd4\x29\x1d\x68\xa1\x86\x45\x86\xad\xa8\xea\x50\x1f\x16\xa8\x14\x69\x50\x4f\x98\x90\xf7\x7a\xae\xda\x8c\xb7\xd8\xa8\x36\xa0\x92\xfd\x02\xeb\xe8\x41\x6f\xe1\xeb\x70\x35\xa0\xe8\xee\x37\xac\x05\x5a\xd8\x83\x1c\x54\x8c\xc0\xfb\x47\xf5\x8e\x16\xed\xc8\x61\x49\x30\x20\xc3\xa5\x57\x0b\x76\x04\xfe\xde\x63\x7b\x96\x31\x58\x6d\x79\x84\x1e\xa3\x2a\x0f\xb2\x0d\xb4\x30\x07\x2f\x53\x12\xca\x1b\x68\x01\x0f\x72\x08\xab\xb3\x76\x37\x0b\x18\x06\xb8\xc6\xd3\x02\x1f\x9b\xd8\x77\x23\xfb\xa4\x63\xa0\xc5\x3f\x62\x6c\x73\x1d\x40\x69\xd3\xef\xc4\xc5\x85\x55\x0b\x7c\xa4\xfb\x2d\x1d\xac\xa8\xb3\x33\xd0\x37\x5b\x88\x53\x6c\x28\x6c\xdf\x84\x65\x9b\x83\x31\xe0\x81\x09\x2c\xed\x72\xc7\x4a\x68\x7d\xb9\x20\x2b\x7f\x7c\xc9\x1e\x5f\xb3\x1c\x68\x91\x10\xa5\x08\x3f\x2d\x85\x95\x1a\xdb\x4b\x95\x8b\x8e\x16\x27\x51\x4a\x5a\x62\x77\x03\x6d\xdf\x86\x52\xa6\x4c\xe8\xb4\x68\x8b\x52\xce\x16\x5c\x1c\xe8\x9b\x3a\x92\xd0\x85\xde\x0f\xec\x05\xf4\x7d\x1d\xa2\x80\xad\x35\x5a\x0c\x26\x87\xb7\x73\x5b\x0b\xbf\xe4\x25\x2c\x5d\x3a\xd6\x9d\x53\x7a\x2c\x19\x85\xd4\x66\x14\xfb\x5d\x90\xf0\x63\x06\x18\xf4\x58\x9f\x01\x94\xc0\x4e\xcc\xf1\x6e\x65\xc8\xa5\x09\x6b\xe7\xf6\x95\x09\x6c\x89\xaf\x0c\xb4\xf8\x0a\x85\xc5\x5d\x40\x12\x5b\xf9\xea\x13\x1f\xb9\x3a\x6a\x07\x5a\x3e\x31\xf6\xe2\xac\x2d\x3b\xdc\xd7\xdb\x15\xa7\xa1\x32\x77\xd7\x59\x03\x07\x23\x3a\x27\x61\x0a\x26\x59\x2d\xdc\x56\xcf\xa1\x7f\xda\xec\x54\xad\xbc\x5d\xbc\xf9\x7d\x10\x3d\x04\x64\x28\x35\xfe\x14\xec\x83\xa6\x93\xff\x76\xbe\x01\x79\x8b\x1c\xe9\x28\xaf\x54\xeb\x08\x6a\x55\x36\x8c\x77\x47\x83\xab\xf1\x65\x7f\x34\x9c\xf1\x43\x0f\xc3\xe1\x70\x86\x1e\x85\x50\xcf\x22\xea\x47\x10\x65\xda\xc4\x01\xc4\xa2\x5e\x91\x22\x57\x2d\x0e\x26\xba\x87\xbc\xe6\x4b\x77\x71\x39\xd3\xcf\xed\xb0\xa3\xb4\x53\x7a\x7c\x2f\x3f\x2a\xcb\x8b\x80\x9d\x1a\x5c\x7a\x46\x11\xe9\xa8\x0f\x2b\x97\x1f\xad\x25\x3b\xdd\xf9\xf9\xd9\x99\x48\x1b\xef\x3e\xd0\x23\xe6\x8d\x62\xef\x3c\x39\x29\x98\xd0\x95\x37\x52\x8f\x80\x24\x7b\x0d\xd3\x20\x9b\x76\x06\xbb\x0f\xda\x01\xd3\x1e\x3d\x43\xa3\x1d\x6c\xdd\x84\xbe\x4f\x76\xd3\x7b\x2e\xf0\x12\x18\xc6\x8e\xeb\xdd\x74\xc3\x2c\xd8\xdc\xb8\x37\xe4\x50\x0e\x9e\x47\x73\xe0\x2f\xb2\x84\xb6\x03\x75\x40\x0e\x09\x77\xe9\x42\xd2\xd6\x0d\xa3\x06\x2f\x9a\x27\x90\x9f\xea\x71\xe8\x99\x7a\x9a\x67\x26\x9f\xf3\x63\x88\x49\xe7\x06\xbe\x38\x2b\x43\xce\x30\xc2\xa4\x70\x02\xed\xa2\xd9\x39\x6a\xfc\xec\xb4\x1d\x7b\x7e\x6e\xb1\x44\xd0\x50\xe9\x32\x0f\xd5\x91\x83\x33\x33\x95\xbe\x91\x3c\x66\x48\xe0\x89\x1d\xb6\x70\xa3\xa8\xd1\x1d\xa4\x8d\x00\x9c\x79\xe0\x23\x89\x8a\xce\x3a\x71\x15\x44\x79\x36\xe3\x03\x5b\x44\xd2\xb8\x34\xee\x7d\x41\xce\x11\xb3\x9e\xa7\x4a\x9d\xdc\x42\xc0\x8f\x08\x0a\xb3\x40\x93\xc4\xf9\xbf\x59\x71\xac\x49\x6e\x60\x10\x80\x70\xa4\x49\x27\xde\x46\x4f\xc5\xd1\x11\x77\x01\xd9\xfb\x2c\x98\x71\x0e\x03\x1e\xc1\xc3\x9d\x74\x2e\x54\x1c\x49\xec\x90\x54\xed\xf4\xf3\x8c\x2e\xce\x24\x30\x40\x73\x0d\x52\x9c\x45\x14\x35\x32\x31\x27\x07\x98\xc4\x39\x74\x24\x87\x8d\x9e\x9c\x36\x12\xc3\x0a\x3d\x4e\x19\xed\x6f\xb9\xef\xf3\x63\xc8\xfa\x21\x63\x46\x0f\x95\xbe\xbb\x04\x6c\x9b\x38\x3b\x7c\xd0\x0e\xff\x76\xd7\x7d\xa7\xbb\x1e\xc0\x7f\x43\xf8\x6f\x04\xff\x8d\xe1\xbf\x89\x03\xc9\xec\x14\x1a\xa4\x41\xd2\x7a\x62\x57\x37\xfc\x60\xcc\x58\x3f\x18\xd3\xed\xcf\xd4\xf3\xd0\x50\x57\xa3\x4b\x37\x83\x38\xe4\x53\x7c\x0d\x8a\xc4\x41\x9e\x38\x2c\x12\x87\x79\xe2\xa8\x48\x1c\xe5\x89\xe3\x22\x71\x9c\x27\x4e\x8a\xc4\x09\x4f\x2c\x2a\xcf\xeb\x2e\xaa\xce\x6b\x2e\x2a\xce\xeb\x2d\xaa\xcd\x6b\x2d\x2a\xcd\xeb\x2c\xaa\x14\x35\x1e\xca\x8f\x0d\xf1\x81\x78\x79\x79\xa9\x74\x82\x60\x7c\x85\xb0\x13\x63\xf6\xb1\x0c\x7d\x29\x47\x24\x9b\x3a\x19\x7f\x71\x54\xc4\x46\x48\x8b\x44\x7d\xdf\x4a\xfd\xc7\xf5\xe7\x47\x75\x8b\xb8\x27\x81\xf2\x7e\xdd\x97\x12\x87\x54\x25\x93\x3e\x18\xc8\xa9\x8c\xe2\x21\xe9\x19\xe9\x12\x87\x11\x6b\x07\x90\x20\x3b\x1a\x57\x34\x15\xf8\x30\x3e\xa8\x8e\xc0\x91\xf2\x68\x22\xa7\x12\xc3\xb6\xcb\x6d\x5a\xa3\xd7\x60\xbc\x89\xc8\xf1\x52\x44\xbf\x49\x25\x27\xe2\x27\x17\xb1\xa1\x31\x00\x47\x47\x7e\x80\xb8\xb5\x01\x34\x4c\x85\x5c\x4e\x80\xba\xf6\x81\x55\x20\xb5\x04\x74\xda\xf1\xc8\x59\x65\xdc\x3b\x41\xf8\x44\x62\xb0\x0e\xbd\xb1\x22\x3f\xb4\x3d\x08\x36\x98\x69\xf1\x96\x57\xc1\xf0\xd8\xa5\x2e\x02\xf1\x68\xd9\xb9\x60\x66\xa0\xc9\x6f\x9e\x45\x1d\x58\x39\x8f\x26\xf0\x4c\xb6\x37\x5b\xce\x65\x29\x3c\x9b\xef\xae\x96\xf3\x79\x12\x07\xd8\xc6\x8f\x89\xbb\x3b\xd0\x7b\x81\xe8\x71\x6e\x72\x98\x8f\x24\x09\xba\xc8\x12\x02\x59\xd5\xd7\xef\x5f\xc8\x33\x38\xe0\x7e\xb7\xc3\x01\xf3\x0c\x41\xb1\xbb\xa3\xfb\xe0\x7f\x33\x20\x8b\x1c\x0e\xba\xd9\x93\xd3\xd2\xb2\x02\xa0\xc9\xbb\x24\xa4\xd7\xac\x28\xce\xd9\xd1\x55\x32\x85\x53\xa6\x26\xaa\x1e\xda\xd5\xa4\x77\xdd\xe3\x38\xd3\xbd\xe7\x05\x69\x9a\xe3\xf4\x2e\x27\x43\x5f\xe0\xe4\x99\x2a\x4e\x91\xa8\xe2\x5c\x8c\x47\x03\x8f\xe3\x24\xbb\x38\x73\x84\xfd\xcb\xde\xd5\x52\x20\x24\x39\x2a\x36\x9a\xa2\xa2\x1a\x8d\x07\x93\x6b\x8e\x8a\xef\x79\x13\x79\x57\xee\xc4\x1f\x2e\x04\x36\x9e\xa9\x22\x14\x89\x0a\xce\xc9\x64\xdc\xcf\xc9\xf3\x61\xea\x57\x64\xb9\xd7\xa3\xd1\x68\x20\x50\xb2\x3c\x15\x23\x4f\x53\x10\x5e\x8d\x86\xe3\xe1\xe8\xd8\x5d\xac\xf4\x5e\xa1\x8e\x93\x21\xf3\x79\x5f\x15\x05\xf2\x4a\xa4\x24\x56\x87\x59\x5c\x74\x19\x80\x8a\x0e\x33\x81\xfc\xe5\xb2\xe7\x5f\xb1\x3a\xf4\x9e\x93\x92\x6c\x75\x78\xfd\x60\xb0\x18\xd2\x3a\x68\x07\x22\x15\x5c\x07\xfe\x92\x37\x42\xe9\x49\xf1\xdb\x86\xda\x5d\x42\xd1\x80\xa2\x16\x1d\x6a\x55\x0b\xae\x04\x25\x57\xa0\xf6\x2b\x52\xfc\x32\xf0\x16\x63\x5a\x07\xef\x60\x04\x66\x00\x0e\x76\xc0\xaa\xd0\x7a\xba\x48\xb1\x55\x10\x8c\x16\xd7\x0b\x90\x4b\x7a\xb6\x9e\x2d\x87\x0a\x4d\x27\x34\xf0\x75\x6e\xc8\xa6\xe4\x6a\x1b\x50\xd6\x92\xcf\x29\x5f\x17\x24\x79\x9b\x71\xe4\xec\x23\xd9\x1c\xf6\x30\x5b\x18\x47\x0d\x00\x84\xbf\xf7\x04\xbc\x41\x0b\x35\x8a\x72\x1c\x14\x24\x84\x1e\x14\xdb\x6f\xe9\xf1\xe4\xfc\xde\x0b\x16\x37\x20\xda\x3f\x2d\x4e\x2e\x93\xa3\xff\x34\x81\xcd\x23\x74\x58\x8e\x99\xfe\xea\x8c\xe9\xd4\xc1\x5e\xf8\x26\x0a\xf1\x69\x89\x40\xca\x82\x11\xe3\xc2\x5b\x66\x88\x21\xe1\xe8\x97\xb6\x9e\x30\xf0\xe8\xfb\x8e\xaf\x5e\x04\x53\xcc\x5d\x8e\x90\x63\xdc\xb6\x94\x9b\x46\xd6\x98\x12\x33\xe7\x47\x52\xb4\xad\x41\x70\x45\xb1\x9b\x51\x33\x24\xbc\xfd\x49\x0f\x75\xe7\x03\x37\x61\x60\xba\x85\x62\x09\x79\x81\x20\x02\x4f\x3b\x0d\xd3\x19\x66\x6b\xb4\xea\x55\xba\xe9\x25\x69\x47\x76\xe3\x85\xef\x66\x6e\x07\x20\x21\x13\x26\xb3\xec\xfe\x0b\x47\xbe\x93\x8a\xfb\xed\xeb\x20\xda\x21\x02\xc7\xe6\xd7\x0d\x66\x4c\xf8\x4d\x7e\x61\xba\x91\x6c\xf8\x35\xcc\x1a\xad\x16\xac\xb8\x0a\x23\x37\xee\x44\x2c\x1b\x92\xe3\x49\x7d\x13\xdd\x05\xb9\xec\x8e\x0b\xf9\x17\x3d\x2e\x4b\x7f\x81\x18\x64\x7a\x1a\x91\x43\x1c\xde\x3a\x8c\x7c\x47\xca\xd8\x59\xd2\xf7\x72\x01\x63\x24\x48\x80\xdc\x6b\x91\x52\xf8\xdd\x66\x52\x0a\x73\x69\xd4\x19\xbb\x72\xb1\x56\x45\x8c\x86\x30\xd6\xa8\x92\xc7\xad\xcc\x9a\x91\x0c\x74\x13\xfc\x97\x6f\x06\xbd\xfe\xa8\xf1\xa6\xd7\xfb\xa6\xf7\x25\xe8\xb6\x1c\xbc\x93\x04\x20\x5f\xa9\x8c\xa1\xbb\xdb\x47\x11\x77\x9a\xd4\x61\xd7\x37\xc6\x5d\xcf\x14\x5a\x31\xa1\x16\x03\x55\xea\x25\xa5\x03\x7b\x18\x19\x5a\x7b\x31\x08\xb5\xe1\x18\x84\x85\x65\x52\xbb\xac\x6c\x95\x61\x6c\x1c\x96\x61\x70\x66\xa3\x1c\x16\x75\xb2\x48\x64\x49\xcb\xec\x00\x32\x82\xd2\x76\x95\x81\x28\xb5\x94\xb5\x4a\xbd\xc7\xe6\x4b\x2a\x3b\x0d\x2a\x47\x5f\x1e\x41\x06\xc8\xde\x1c\xfb\xc4\x41\xbe\xd5\xc2\xa2\x6f\xcb\xef\x4f\xfb\x29\xd8\x46\xb1\xc3\x6f\xef\x7c\x4d\xe3\xe6\x6e\xea\x34\x5f\xc7\xfb\x24\x0c\x92\xc6\x9f\x82\xc7\x66\x71\xb3\x1a\xc5\x95\x6b\x14\x98\xe9\x34\x46\x8a\xfe\x20\x3a\x49\x78\x27\x97\x83\xf1\x28\xc0\x66\x13\xd7\xcb\xc1\x72\x64\x46\xa5\x8e\x40\x62\x3d\xd4\x36\x8f\x6d\xa8\x21\x1d\x4a\xa1\x2e\xe9\xbe\xa3\x70\x9b\x06\x19\xe8\x3e\x12\xf5\x81\x7f\xa4\x20\x71\x77\x30\x6e\xcf\x6a\x43\x12\x82\x1b\x32\xd1\xf2\x6d\x80\x34\xa8\xa7\x99\x39\xdb\xb5\x4c\xfa\x65\x4c\xf4\x0e\x3c\x55\xb3\x89\x2a\xae\xa9\x7e\xd6\x26\x97\x72\xb5\xc3\x5a\xc1\xe9\x47\xe0\x13\xbb\x6e\x68\xca\x2f\x1d\x8a\x22\x96\x48\xac\x1c\x4f\x23\xbf\xb1\xfe\x1b\x93\x3f\x48\xac\xd1\xf3\x3c\xa4\x57\xa1\x2d\x0d\x45\x6a\x7a\x48\x4c\x5b\x09\x2b\x29\x76\x17\x8a\x53\x9a\x4c\x42\xa4\x6b\x20\xb5\x6a\x41\xe3\x91\x62\xa9\x97\x90\xdd\xa5\xe4\x3a\x23\x12\x6c\xe5\x0c\x19\x8e\x64\xef\xa0\xf3\x34\x65\x60\xc7\x2e\x19\x80\x6e\x28\xdd\x6c\x67\x55\xc6\xfd\xa2\x0f\x38\x8c\x14\xba\x63\x20\x34\x4e\x67\x77\x62\x8a\xba\x78\xfa\x98\x3a\x0e\x66\x81\xeb\xeb\x01\x5a\xe0\xfa\xd2\x52\xa0\x3f\xe8\xf5\xd0\x12\xfd\x3e\x2b\x52\x64\x74\x96\xd1\x3e\xf4\x3f\x59\x6b\xbb\x49\xfc\x78\x50\xe0\x3a\x72\x51\xe6\x97\x92\x14\x42\x42\xd4\x89\x56\x9d\xbe\x93\x7f\xf5\x8a\x4f\x29\x75\x90\x7f\x16\x5f\xc3\xfc\x6b\x94\x7f\x8d\xf3\xaf\x49\xfe\x75\x99\x7f\x5d\xe5\x5f\xd7\xec\x6b\xe3\x8b\xaa\xc9\x57\xaf\xf8\x94\x52\x07\xf9\x67\xf1\x35\xcc\xbf\x46\xf9\xd7\x38\xff\x9a\xe4\x5f\x97\xf9\xd7\x55\xfe\xc5\xab\x4e\x37\xa2\x6a\xf2\xd5\x2b\x3e\xa5\xd4\x41\xfe\x59\x7c\x0d\xf3\xaf\x51\xfe\x35\xce\xbf\x26\xf9\xd7\x65\xfe\x75\x95\x7f\xf1\xaa\x3f\xa4\xa2\x6a\xf2\xd5\x2b\x3e\xa5\xd4\x41\xfe\x59\x7c\x0d\xf3\xaf\x51\xfe\x35\xce\xbf\x26\xf9\xd7\x65\xfe\x75\x95\x7f\x5d\x23\xb7\x39\x11\x59\x35\x83\xf1\xa5\xe2\x77\xfc\x2f\x6c\x40\x31\xbd\x28\xa8\x18\x1c\x8a\x95\x9b\x22\xb5\x2f\xc6\x66\xbf\x3b\x61\xff\xbb\x94\x72\x7b\x3c\xf7\x6a\xd8\x1d\xf2\xff\x15\xb9\xd7\xb9\x1e\x28\xd2\xae\x78\xda\x64\x82\xa0\xbb\xe4\x99\xe3\x2b\x04\xdb\x44\x64\x4a\xd4\x8d\x79\xda\x08\x23\x6e\xc4\x33\x87\x18\x6d\x43\x9e\x39\x90\x68\xcb\x19\x80\xd1\x26\xf8\x80\x91\x46\x9d\x1f\xe0\x1f\xef\x6d\x99\x7f\x2c\xab\xcf\xb3\x50\x26\x32\x90\x1e\x07\x41\x39\x49\x41\xae\x39\x84\xcc\x4e\x9a\x71\xc5\x33\x50\x9e\x52\x88\x4b\x0e\x81\x32\x96\x42\x4c\x04\x84\x4e\xfb\x98\x67\xa0\x2c\xa6\x10\x23\x0e\x81\xf2\x99\x42\x0c\x39\xc4\x40\xa7\x3c\x67\x99\x95\x72\xc1\x39\x2b\xe1\x82\x6f\x4c\x5b\xe7\x39\xe9\x9a\x74\x08\x1b\x6b\x6a\x7f\x90\x9c\x3e\xcb\xb1\x74\x07\x81\xe8\x31\x08\x4b\x6f\x00\xc4\x35\x03\x50\x3b\x03\xd2\xaf\x58\xba\xa5\x2f\x00\xe0\x92\x01\x58\xba\x02\x00\x26\x1c\x40\xa7\x7a\xcc\xd2\x2d\x1d\x01\x00\x23\x06\x60\xe9\x07\x00\x18\x32\x80\x81\x4e\xb3\x60\x94\x95\x66\xce\x2f\x2b\xc9\x9c\x5b\x4a\x1f\xb0\x25\x71\xd2\x0b\x4a\x30\x41\xee\x0c\x01\xd2\x57\x40\xd0\x5e\x11\xa0\x3d\x05\x14\xed\x1e\x0e\x7a\xad\x40\xca\xfd\xc4\x01\xae\x14\x00\xb4\xc3\x38\xe4\xa5\x02\x89\xf6\x1c\x87\x9c\xa8\x90\x66\x5b\xc7\x0a\x00\xda\x97\x1c\x72\xa4\x40\xa2\x9d\xca\x21\x87\x0a\xe4\xc0\x6c\xa9\xd6\x05\x25\x2d\x55\x7b\xa2\xa4\xa1\xbd\xda\xa1\xad\xff\x32\x07\xc1\x30\x72\xb4\x16\xc3\xc8\x51\x32\xac\x46\x8e\xd2\x6b\x35\x72\xb4\x1a\xcd\xc8\x11\x22\xac\x46\x8e\xd0\x6a\x35\x72\xa4\x49\xba\x91\x23\x0d\xb6\x1a\x39\xc2\x17\xab\x91\x23\xec\xd3\x8d\x1c\x61\xae\xd5\xc8\x91\xa6\xda\x8c\x1c\xe4\xd9\x8c\x5c\x9e\x65\x37\x72\x39\x88\xdd\xc8\x09\x10\xc3\xc8\x89\x0c\xbb\x91\x13\x10\x76\x23\x27\x20\x0c\x23\x27\x32\xec\x46\x4e\x40\xd8\x8d\x9c\x80\x30\x8c\x9c\xc8\xb0\x1b\xb9\x9c\x2f\x36\x23\x27\x00\x4c\x23\x47\x73\x50\x23\x97\xe7\x58\x8d\x5c\x0e\x61\x35\x72\x02\x42\x37\x72\x22\xdd\x6a\xe4\x04\x80\xd5\xc8\x09\x00\xdd\xc8\x89\x74\xab\x91\x13\x00\x56\x23\x27\x00\x74\x23\x27\xd2\xad\x46\x2e\x67\x87\xc5\xc8\x89\x7c\xc3\xc8\x41\x46\x95\x91\x93\x40\xaa\x8c\x9c\x04\x5a\x65\xe4\x0a\x50\x8b\x91\x2b\x00\xaa\x8c\x5c\x01\x59\x65\xe4\x0a\x48\x8b\x91\x2b\x00\xaa\x8c\x5c\x01\x59\x65\xe4\x0a\x48\x8b\x91\x2b\x00\xaa\x8c\x9c\xc4\xdf\x72\x23\x57\x00\xea\x46\xae\x34\x94\xf1\x5f\x34\x03\x37\xac\x1c\xad\xc5\xb0\x72\x94\x0c\xab\x95\xa3\xf4\x5a\xad\x1c\xad\x46\xb3\x72\x84\x08\xab\x95\x23\xb4\x5a\xad\x1c\x69\x92\x6e\xe5\x48\x83\xad\x56\x8e\xf0\xc5\x6a\xe5\x08\xfb\x74\x2b\x47\x98\x6b\xb5\x72\xa4\xa9\x36\x2b\x07\x79\x36\x2b\x97\x67\xd9\xad\x5c\x0e\x62\xb7\x72\x02\xc4\xb0\x72\x22\xc3\x6e\xe5\x04\x84\xdd\xca\x09\x08\xc3\xca\x89\x0c\xbb\x95\x13\x10\x76\x2b\x27\x20\x0c\x2b\x27\x32\xec\x56\x2e\xe7\x8b\xcd\xca\x09\x00\xd3\xca\xd1\x1c\xd4\xca\xe5\x39\x56\x2b\x97\x43\x58\xad\x9c\x80\xd0\xad\x9c\x48\xb7\x5a\x39\x01\x60\xb5\x72\x02\x40\xb7\x72\x22\xdd\x6a\xe5\x04\x80\xd5\xca\x09\x00\xdd\xca\x89\x74\xab\x95\xcb\xd9\x61\xb1\x72\x22\xdf\xb0\x72\x90\x51\x65\xe5\x24\x90\x2a\x2b\x27\x81\x56\x59\xb9\x02\xd4\x62\xe5\x0a\x80\x2a\x2b\x57\x40\x56\x59\xb9\x02\xd2\x62\xe5\x0a\x80\x2a\x2b\x57\x40\x56\x59\xb9\x02\xd2\x62\xe5\x0a\x80\x2a\x2b\x27\xf1\xb7\xdc\xca\x15\x80\x35\xac\x9c\x14\x7f\xff\x2f\x8a\x71\x1b\x66\x8e\xd6\x62\x98\x39\x4a\x86\xd5\xcc\x51\x7a\xad\x66\x8e\x56\xa3\x99\x39\x42\x84\xd5\xcc\x11\x5a\xad\x66\x8e\x34\x49\x37\x73\xa4\xc1\x56\x33\x47\xf8\x62\x35\x73\x84\x7d\xba\x99\x23\xcc\xb5\x9a\x39\xd2\x54\x9b\x99\x83\x3c\x9b\x99\xcb\xb3\xec\x66\x2e\x07\xb1\x9b\x39\x01\x62\x98\x39\x91\x61\x37\x73\x02\xc2\x6e\xe6\x04\x84\x61\xe6\x44\x86\xdd\xcc\x09\x08\xbb\x99\x13\x10\x86\x99\x13\x19\x76\x33\x97\xf3\xc5\x66\xe6\x04\x80\x69\xe6\x68\x0e\x6a\xe6\xf2\x1c\xab\x99\xcb\x21\xac\x66\x4e\x40\xe8\x66\x4e\xa4\x5b\xcd\x9c\x00\xb0\x9a\x39\x01\xa0\x9b\x39\x91\x6e\x35\x73\x02\xc0\x6a\xe6\x04\x80\x6e\xe6\x44\xba\xd5\xcc\xe5\xec\xb0\x98\x39\x91\x6f\x98\x39\xc8\xa8\x32\x73\x12\x48\x95\x99\x93\x40\xab\xcc\x5c\x01\x6a\x31\x73\x05\x40\x95\x99\x2b\x20\xab\xcc\x5c\x01\x69\x31\x73\x05\x40\x95\x99\x2b\x20\xab\xcc\x5c\x01\x69\x31\x73\x05\x40\x95\x99\x93\xf8\x5b\x6e\xe6\x0a\x40\xc3\xcc\xf1\x37\x81\xca\x1e\x62\xe4\x6f\x51\xe6\xab\xc9\x64\x6b\xe0\x95\xb4\x96\xc7\x77\xae\x90\x24\x2f\xdf\x80\x35\xd3\xf7\x91\x67\x6b\x64\x6b\x39\xad\x5c\x3a\x2a\xa5\x9d\x9c\x42\xb6\x1f\xb2\x32\x37\x19\x39\xf1\x77\x93\x25\x37\xf9\x33\x43\x52\xd2\x3a\x4f\x22\x1b\x75\x34\xa8\x3c\xa9\x80\xa2\x8f\xfb\xaa\x50\x79\x52\xf1\x6c\xd8\x95\x7d\xfb\x85\x76\xb0\x0d\x18\x64\x39\xd2\xe4\xfb\xfe\x11\xa9\x42\x7f\xf1\x91\xb6\x57\xdb\x39\x38\x40\xb1\xf0\xbe\xb9\x10\xd8\xa6\xcb\x30\x11\xdb\xf0\xa4\xf6\x94\x83\xe5\x9c\x80\xee\xa3\x0f\x62\x55\xa2\x2b\x87\x53\x39\xab\xe6\xd9\x50\x56\x83\xae\xa5\xd7\xaf\xa6\x3d\x45\x10\x2e\xe8\xdf\x72\x3e\xca\xad\x46\xd7\x22\xed\xf4\xfc\x26\x7f\xad\xca\x8b\xc9\x6d\xec\x69\xe0\x23\x32\x86\x66\xae\x91\x4c\x43\xee\xd0\x4c\xac\xa4\x21\x8b\x68\x66\x21\x95\xe3\x7c\x4c\xe4\xef\x6c\xe1\x8f\x6c\xe9\x50\x58\xf3\x90\xbc\xb5\x99\x67\x36\x0e\xc9\x43\xca\x99\x4d\x43\xf2\x2c\x4f\x84\x99\xd4\x9f\x84\x8d\x0f\x22\xae\x5b\x06\x05\xcf\xd2\x2c\x09\x77\x52\x83\xa7\xdb\x6c\x0d\xba\xb2\x43\x1e\xc5\x6a\xc5\xbe\xdf\xc6\x84\xe5\x9a\xfc\x11\x18\xe8\x16\xf5\xa2\xbc\x75\x4b\x3c\xdd\x5a\xc5\xd4\x2d\x79\xd8\xf9\xce\x23\x57\x30\x7c\x35\x27\xea\xf9\xde\x38\x41\xa8\xbe\x55\xe7\x91\xf7\x36\xb6\x33\xe6\xfc\xd3\x5d\x64\xe2\x7d\x36\x05\x8b\x23\xde\x6a\x3b\x09\x77\x10\x45\x32\x66\x4d\x99\x76\xd9\xd9\x47\x44\xcd\xe6\x39\x6b\x53\x01\xfb\x5d\x71\x64\xd2\x50\xcd\x7a\x0e\x17\x18\xa4\x1e\x3d\x07\xd3\xea\x16\x6c\x48\x3d\x5c\x24\x90\x7a\xf4\x1c\xcc\x2e\x58\xb0\x15\xf5\xd8\x7b\x1c\x15\x13\x5e\x6a\xca\x53\x73\x11\x2e\x85\x5a\xe3\x50\x3c\x5b\x25\x51\x83\x29\x9a\xc0\xa0\x6d\x50\x6b\x05\x0a\x3b\x78\x71\x45\xfe\x18\x52\xc2\xcf\xb3\x60\x62\x92\x67\xa1\x72\xc2\x73\x31\x41\xd1\xb3\x84\x3c\x20\x75\x19\x59\xa8\xac\x58\x10\x62\x75\x09\x99\x40\xea\x32\xb2\x50\x79\xb1\x20\x94\xea\xb2\x1f\x1a\xc2\x65\x41\x39\x32\x64\x17\x19\x0d\xac\x42\x66\x54\x32\x11\xa1\x51\xd0\xd9\xa5\xa6\xea\x3c\x93\xdf\x0b\xae\xbd\x89\x21\x36\xe4\xa0\x12\x26\x33\x2c\x1d\x15\x18\x92\x85\x49\x8b\x92\x2e\xe4\x41\xc7\xaf\xa6\xa3\x42\x82\xe1\x31\xf0\x0b\x19\xd0\xf1\xab\xe9\xa8\x60\x60\x78\x04\x7e\xfb\x31\x2f\xbc\xaf\x8b\x73\x5e\x76\x79\x90\x61\x2a\x84\x41\x22\x0d\x91\x84\x02\x91\x5d\x0c\x4a\x0f\x9e\x79\xa3\x60\xb8\x1c\x1a\x32\xc0\xcf\x92\x61\x62\x90\x67\xa1\x92\xc0\x73\x31\x61\xd0\xb3\x44\xbf\x23\x75\x19\x59\xa8\x54\x58\x10\x62\x75\x09\x19\x40\xea\x32\xb2\x50\x09\xb1\x20\x94\xea\xb2\x1f\xd8\xc3\x65\x40\x39\xae\x67\x17\x15\x0d\xac\x42\x5a\x54\x32\x11\x81\x51\xd0\xd9\x65\xa6\xf2\x2c\xa1\xbb\x1c\x78\x9e\x21\x36\xec\x80\x20\x26\x35\x22\x07\x15\x1a\x96\x89\xc9\x8c\x96\x23\xe4\xc2\xac\x47\xcf\x41\x05\x06\xc7\x86\xd4\x23\x64\xc2\xac\x47\xcf\x41\x85\x05\xc7\x56\xd4\x63\x3f\x78\x89\xcb\x80\x7c\xee\xd2\x2e\x29\x2a\x54\x85\xa0\x28\x24\x22\x72\x22\x23\xb3\x8b\x49\xd5\x81\xd0\x85\xe7\xe5\x52\x22\xdd\x0b\x73\x90\xb6\x24\x77\x7b\xfd\x2f\x8a\xd3\x01\x1f\x94\x8d\xfc\xec\x22\xf8\x86\xbb\xf5\x1b\xad\x22\x08\x71\x39\xb9\xa4\x01\x7f\x03\xab\x35\x46\x41\x37\x39\x4b\x27\x10\xf8\x09\xc5\xce\x26\xcd\x0f\x21\xf2\x83\x3d\x24\x89\x50\x00\x10\xf4\x21\x11\x7a\x54\x61\xe1\x26\xf8\x4d\x2f\x66\xcb\x6e\xf8\x64\xd6\x38\x75\x6a\x01\xc4\xe6\x7b\x65\x40\xeb\x12\x20\x73\x06\x58\x06\x54\x86\xc9\x9c\xc5\x95\x01\xad\xf1\x3b\x02\xf0\x72\xc6\x7c\xd8\xce\x1b\x74\x52\x2c\x47\x1f\xac\xc4\xa1\x53\xe6\x53\x4b\x16\xec\x7c\x71\xc9\x93\xeb\x2c\x18\xff\xe2\x92\x4a\x9d\x07\xed\x5c\xe2\x49\x9c\x96\xce\x94\x9e\xc6\xe8\xd3\x0a\x4a\x7c\x7e\x61\xc1\x53\x6b\x94\xb8\xfc\xc2\x82\x72\x8d\x07\xe5\x5c\xe8\x29\x4c\x96\x90\x94\x0d\xb5\x8a\x82\xf6\x81\x6c\xf2\xea\xf4\x1a\xb1\x82\x5a\xfc\x86\x04\xac\x97\x61\x10\xf9\x69\x90\x1d\x8a\x85\xd9\x9e\x79\xed\x53\xaf\xb8\xd0\x29\x0a\x56\xc1\xd6\xd7\x0e\xdd\x49\x0a\x5c\x2f\x6b\xb9\xc2\x85\x5c\xba\x82\x5d\xd0\xa6\x5c\x0c\xa7\x5d\x68\x85\xdc\x32\x30\x26\x7f\x8e\xec\x99\xfe\x3a\x97\x87\xa9\x34\x8d\xb5\x6b\x64\xc8\x01\x7b\x7a\xe1\xdc\x1d\x09\x58\xcd\xd9\x73\xd8\xf7\x9f\xfa\x6e\x3e\xa9\x06\xfa\xae\x04\xa4\xdd\x3b\x52\x22\x39\x9b\x17\xdf\x8b\x7b\x71\x46\xf4\x40\x65\xce\x4d\x1e\x01\x7f\x73\xad\x30\x8f\x1d\x6b\x95\x31\x93\x9b\xaf\xef\xd5\x5e\x3a\x2a\x75\x80\xfd\xbf\xb7\xf6\xe2\x91\x5d\xb8\x77\xb7\xd9\x47\x59\xb8\x23\xe7\xf1\x79\x02\xe9\xbb\xfb\x83\x7c\xc1\x9b\x5e\x27\xbf\x76\x02\x6b\xa4\x99\xc5\x9a\xfa\xbb\xdd\x9a\x07\x69\x50\x15\x7e\x40\x94\x72\xf2\x52\x3d\x12\x5a\x7d\x5f\xe1\x78\x3c\x3e\x76\xc9\x0d\x02\x24\x8e\x9c\x81\x8f\x61\x1f\x08\xf9\x29\x4a\xe9\x1e\xb5\x09\x34\x83\x5c\x7b\x74\x72\xa5\xb6\x6b\xec\x8a\xd4\x70\xe3\xae\x02\x71\x48\xb6\xd6\x81\xd3\xb2\x13\xbf\xa4\x2c\xf9\x4f\x3e\xc8\xdb\xbb\xc4\xcf\xfc\x5a\x61\x91\xcb\xf3\x38\x11\xb4\x09\xf2\x05\x78\x8d\x6e\x7f\x9c\x3a\x26\x41\x06\x8c\x76\xd5\x5e\x39\xbe\x32\x3c\x9f\x02\x89\x2a\x0a\x5c\x8c\x65\x6c\xe4\x7a\x1e\x77\x19\x5c\xe7\x72\x8c\x9e\x6c\xae\x62\xa4\x43\x8e\x2f\x5f\x89\x8c\x7e\x6f\xe0\xf4\x2f\xc7\xce\x60\x38\x74\xba\x93\x93\x7a\xa4\x14\x91\xd6\x98\x29\xd5\x6b\x20\xda\x5e\xb0\xa6\x4f\xb7\x89\x5b\x80\xae\xaf\xa1\x39\xe0\x31\x86\xd9\xd3\xb4\xaf\x15\x22\x5e\x38\x1d\xde\x96\x82\x46\x1d\x9c\x19\xf5\xcb\xdc\xc1\x78\x23\x96\xce\xbf\x77\xd4\xf4\x04\x4c\x3c\xb9\x4e\xf0\xde\x11\x26\xad\x00\x6d\xa8\x43\x16\x99\xef\x04\x81\xad\x4d\x52\x85\x95\x88\xf9\x45\x25\xdb\x98\xac\xcb\x92\xdb\xb4\xfc\xa3\xb8\xb2\x54\x05\xb4\x28\x50\xdd\xe0\xb8\xbb\x1d\xa4\xb8\x5b\x8f\xdf\x4b\x83\xcc\xae\x04\x28\x31\xdf\x7e\xf0\x40\xee\xff\xde\x85\x1f\x82\xa8\x43\x2f\x27\x9d\xf6\xda\x07\x09\xbf\xef\x66\xc1\xbd\x42\x89\xac\x8c\xc9\x23\xc8\xf6\x5c\x52\x96\x3e\x93\x0c\x7a\xce\x8d\xec\x70\x1b\x48\x5a\xab\xd9\xca\xf5\x36\x43\x7a\x17\x1c\xeb\x70\xba\xea\xd9\x49\x37\x0d\x9d\x46\xa7\x04\x80\x92\x59\x06\xa0\x51\x5a\x06\xca\x88\xd5\x9b\x79\xcf\x4b\xa4\x1b\x93\x3d\x58\x8e\xce\x1a\x0c\x86\xb3\x45\x64\xa9\x2c\xe9\xe9\x2c\x89\x56\x15\x2c\x51\x01\x10\x96\x98\x18\xac\x2c\x51\x41\xcb\x59\x12\xad\x6c\x2c\x51\x73\x70\x96\xa8\x30\x0a\x4b\xa2\x95\xc2\x92\xd1\x84\x9e\xc0\xa7\x52\x44\xa9\x3c\x98\x81\x81\x63\x57\x78\x16\x4e\x97\x3a\x12\xc8\x11\x6a\xfd\x9e\xda\xea\x9b\x19\x05\xce\x06\x75\x2a\x39\x66\xf6\x43\x8e\x7e\x50\x77\x56\x39\x7e\x8d\xdc\x54\xd9\x9b\xe9\xf7\x60\xea\x57\x90\xe6\xb5\xa1\x4e\x61\x9e\xcd\xef\xa2\xb2\x40\x31\x12\x0d\xb7\x8a\x67\x20\x65\xb9\x87\x69\x5e\x02\x2b\x31\x68\x44\x9d\x4c\xe5\x4a\x82\x81\xc2\xa0\x0b\x9d\xfd\x17\xbc\x17\x24\x24\x1d\xa5\x9b\x38\x25\x2a\x5d\x25\x9d\x86\x5e\xb7\x55\x9f\xd7\xe8\xfd\xc8\xd6\x1e\xe0\xe4\x5c\x94\x53\x7b\xa1\xd2\x8e\xdd\xee\xc5\x37\x78\xd1\x4b\x9b\x0d\x7b\x81\x76\x60\x39\x1c\xef\x4c\xac\x64\x57\x14\x40\x73\x25\xcb\x65\xa0\x43\x4b\xb2\xac\xa2\x18\x66\xcf\x74\xf6\x14\x88\x14\xce\x14\xc9\x98\xd1\xd4\x59\x8c\xc1\x28\x7c\x2e\x23\x24\xaf\x4a\x19\xb1\x7a\x6a\x19\x19\x25\x20\xf2\xe8\xc7\x88\x90\xcd\x5c\x87\xed\x08\x90\xb5\x84\xec\xfc\xe7\x13\x0e\x6d\xa3\xd7\xa5\x29\xca\x28\xde\x42\x87\x96\xe4\x82\x65\x51\xaf\x89\xe8\x69\xb7\x63\x1d\x0b\x40\xc9\xfa\xcc\xa4\xfd\x2f\xc6\x45\x39\x03\x63\x82\x32\x36\xaf\x0f\xe2\x33\x46\x1c\xbb\x61\xec\xf4\xe9\x65\x61\x32\x73\x7f\x49\x47\xc4\x76\x55\x16\x06\x81\x58\x72\xd4\xa9\xfa\x44\xed\xd1\xaa\xe2\xcd\xb3\x56\x68\xda\x73\xac\xbc\xd4\x62\xc5\x7f\xd2\x80\xab\x9d\xc6\x32\x46\x08\x39\x94\xc9\x93\x65\x72\xa0\x4f\x48\xab\xf9\x73\x2c\xac\xb4\x64\xa0\x67\xca\x85\x79\xc5\xa5\xbc\xf9\x4d\xc0\x1a\x1a\xbe\x8b\x72\x66\x5e\x03\xaf\x08\x8f\x56\x89\xe1\x16\x58\x84\x07\x06\x86\x26\x3c\x05\x22\x83\x67\xe0\xf3\xa0\xcc\xfd\xb4\xcd\xd2\x6a\x2c\x91\x21\xbc\xa5\x68\xf9\x3a\x32\x04\xc0\xa7\xc9\x90\xce\x0f\x4d\x86\x28\x79\xb2\x0c\x5d\xc9\x6c\xea\x9f\xc2\xa6\x63\x77\xed\xa6\x9d\x65\x10\xf8\x64\x1a\x66\x5a\x7f\x35\x5f\xeb\x25\x55\xb7\x8d\x06\xdd\x71\xce\x25\x41\xb8\x89\x39\xf7\x6e\x98\x99\x16\x7a\xf1\x37\x30\x2e\x7e\xf0\x61\x3a\x98\x61\x21\x1c\xaa\xb9\x65\x2d\xae\xcf\x61\x66\xc6\xfd\xcc\x33\xee\x53\x74\x82\x07\xf8\x9d\xf2\x0d\x60\x25\x4c\xbe\xc0\x29\xd7\xbd\xf3\x0a\x30\x2b\x80\x38\x15\x32\x29\x5a\x52\x2d\x66\xba\x32\xa9\x45\x63\xba\xa9\x00\xb3\x02\x88\xc3\x29\x3d\x89\xdb\xb8\x3a\x25\x52\xc1\xf7\xc5\x34\x24\xcf\x13\x4d\xce\x5d\x37\x35\x97\xd7\xcd\xdd\x04\x25\x8f\xdc\x2d\xca\x1c\x4d\x2d\x83\x3a\x00\x58\x1a\x56\x87\x31\x79\xc0\xf2\x84\x3f\x8e\x80\x48\xde\x06\x92\xa1\x14\xd4\x6e\xb5\x56\x09\x54\xa3\x1d\x4a\x3c\x8a\xc1\xff\xde\xa1\xbf\x12\x7a\xd0\x28\x19\xbb\x63\xfb\xc5\xb1\x31\x62\xc5\x3e\x9b\x5c\x2e\xfa\x93\xab\x93\xc3\x61\x52\x59\x8d\x6a\x59\xc2\x41\xef\xc4\x5b\x95\xe7\x48\x48\x96\xed\x38\x9b\x61\x1c\x2f\xe1\x48\x31\x18\x90\x12\x7c\x3f\x87\x2e\xf2\x46\xb2\x22\x8e\x45\xae\x29\xf2\x79\x9e\x2e\xf2\x79\x86\x24\xf2\x6a\x1a\x56\x07\x2a\xf2\x7a\x1e\x22\xf2\x02\xc4\x10\x79\x25\x03\x15\x79\x7e\x53\xba\x4a\x60\x89\xc8\x33\xf8\x7f\x8c\xc8\xa3\xf4\x58\x02\xc3\xe4\xde\xf6\x8f\x13\x79\xaf\xe7\xf6\x27\x8b\x97\x89\x3c\x2b\xab\x51\x6d\x15\x79\xce\x43\xdb\x4e\xa9\x19\xc6\xf1\x12\x8e\x18\x22\x2f\x97\x08\x92\x24\x4e\x74\x81\xd7\x12\x15\x51\x14\x79\xa6\xb0\xf3\x1c\x5d\xd4\x79\xb2\x24\xe8\x72\x8a\x89\x1b\x15\x72\x35\x07\x11\x71\x06\x60\x08\xb8\x94\x8c\x8a\x37\xbf\xb5\x5f\x26\xab\x44\xb8\x19\xf4\x3f\x46\xb8\x11\x6a\x50\xd1\x66\x2f\x08\x7c\xa4\x68\x07\x57\xa3\xab\xe1\x0b\x45\x9b\x96\x55\x68\xb6\x0a\x36\xe7\x9f\x6d\x5f\xd7\x0c\xe3\xb6\x95\x1b\x86\x58\xcb\xf0\xb9\x4b\x4b\x7b\xfb\xef\x96\x82\xf4\xb4\xcd\x58\x38\x3c\x6a\x19\xf1\x62\x52\x59\x59\x98\xe0\x17\xd2\x6e\x3c\xd3\x95\x47\xab\xc6\x68\xf4\x33\x3f\x70\x36\x24\x7f\x4a\xee\xdf\xa2\xf5\x73\xe1\x95\x83\xb4\x96\x25\x78\x35\x4e\x67\x79\xb7\xcc\xc4\xa9\x2f\xb1\x2a\x58\xa5\x57\xa1\x4e\x45\x28\x26\x37\x18\x5e\xad\x98\x24\x37\x3a\x38\xdd\x70\x51\xab\x6e\x09\x49\x03\x9b\xb3\xa1\x70\x86\xc4\xd6\x05\x5e\x64\xdb\x43\xc1\x1c\x3b\x29\x37\x2a\x93\xe5\x53\xef\x4a\x11\x45\xad\xea\xfb\xe3\x6a\xb5\xbf\xd0\xe4\x4a\x32\x8b\x16\x97\x89\x0c\xf6\x6a\xc2\x69\x55\x0a\xc5\x6b\x56\xcc\x95\xae\x1e\x1d\xc3\xb1\xe0\x71\x77\x04\x69\x49\x90\xbd\xb8\xd6\x55\x39\x32\xaa\x62\xb1\xcf\x7d\xf5\x61\xce\x0b\x4a\x4f\x2c\xe8\x7c\xc6\xb2\x72\xdb\x66\x40\x70\x63\x88\xa7\xeb\x0f\x69\x88\x50\x66\x59\x3f\x9d\x46\x20\x5f\x3a\x90\x16\x58\x2e\xf3\x99\xa9\x0c\x67\xae\x08\x95\xdf\xa0\x5c\xa1\xc3\x14\xea\x14\x41\xb7\x34\x35\x97\x42\xe3\xf1\x26\x84\xd8\x3a\xbd\x59\xdc\xe6\x7b\x0a\xad\x5a\x54\xc1\x4e\x7a\x7f\xd4\x1d\x0e\x8d\xd0\x0c\x76\x1f\x47\x9d\xba\x48\x74\xc0\x5e\xd7\xc4\x88\x23\x02\x53\x88\x3a\x2a\x5b\xd0\x29\xf6\xc4\xa0\xeb\x39\xc5\x1e\x99\xd2\x27\xe5\x8a\x3d\x33\x66\x58\xc6\xdc\xe4\x6a\x59\x1a\x22\xbb\x17\xb2\x78\xef\xad\x3b\xe4\xd8\x16\x0c\xd9\x8d\xbb\x0d\x77\xfb\x88\x3e\xf3\x39\xb3\xe7\xa8\x4b\x4a\xb9\xdf\xb3\x4f\xc1\x71\x60\x31\x3b\xb6\x2f\x87\xee\xa8\x40\x52\x53\x33\xd1\x48\xa8\xb9\xd3\xc7\x7e\xd5\x3b\x5d\x76\x87\xce\xe0\x47\xd2\xba\x6c\x2f\x96\x94\x32\x95\x52\x8a\xcf\xa9\x01\x3e\x35\xc0\x7f\xb7\xfd\x5b\x3a\x2d\xd2\xa7\xf2\x64\x15\x89\xbe\xa2\x0f\xb9\x4a\xcd\x93\x69\x3f\xe0\xdc\xac\xb5\x49\x07\x06\x53\x63\xac\xb9\x9f\x7d\xcb\x6b\x08\x36\x58\x46\x57\xb1\x72\x06\xbf\x2a\xb6\x99\x90\x51\x64\xae\x3f\xcd\x96\x61\x44\x5f\xce\x88\x76\x6b\xb7\xc5\x37\xb0\xcc\x27\xd2\xd6\xab\x8a\xf7\x13\xf2\x4d\x2f\xdd\xc9\x98\xbc\x1d\x25\x53\x85\x90\x41\x21\x0e\x68\x98\x13\x32\x80\xfb\x4b\x77\x1f\x65\x72\xaf\x94\xbd\xbe\x9a\x9f\x64\x22\x27\x0d\xa4\xf2\x52\x8f\x8b\x24\x2e\x61\xa5\x88\x83\x09\xf9\xa3\xcf\x44\x3d\xf2\x47\x41\x6f\x8a\x4e\x4d\x5c\xae\x4f\xfe\xa8\xa4\x4a\xb2\x95\xe3\x17\x69\xf1\x2e\xd8\xde\x74\xfd\x24\xde\x91\x27\xa8\x41\xb3\xac\x56\x51\x50\x9f\x51\x27\xd2\x80\x70\xcd\x1c\xd8\x7a\x0e\x3f\x25\x62\x52\x8f\xf5\x81\x15\xdb\x54\xc5\x56\xd9\x6e\x81\xbc\x12\x70\x5a\x1b\xb0\x46\x9f\xfa\x23\xf2\xa7\x5a\x3e\x3e\xb2\x4f\x51\xd5\xa2\x56\xa0\x0c\x7c\x23\x15\xab\xbf\xc8\x44\xfa\x52\xe4\x4d\xcb\x0a\x62\x42\x90\xe7\x99\x62\x20\x6f\xb3\x43\x93\x31\x2a\xa5\x5c\xb3\xb6\x22\x13\xa3\x53\xca\x2d\x2d\xca\x28\xb5\x68\x48\x01\x5f\x95\x2f\x68\xaf\x02\x63\x94\x54\x40\x4d\xeb\x21\x9b\xd6\x43\x66\x3d\xb6\x57\xa9\x35\x01\x8f\xeb\xaf\x82\xaa\xb7\x1a\x87\xac\xd0\x09\x2f\x3b\x6a\xf5\x0e\x82\x89\xef\x8e\x14\x2c\x72\x6f\x2b\x2f\x40\x96\xa3\x67\x2f\x3f\x6a\xe8\xfb\x83\xc1\x62\xd4\x53\xd0\xab\x83\xfb\x04\x5c\x83\xde\xc8\xbf\xd4\x48\x95\x65\x4f\xe0\xaf\x1e\xdc\xb5\xd8\x75\x22\x0d\x08\xd7\x10\x85\xad\xe5\x48\x23\x55\xa5\x1e\xeb\x03\x2b\xb6\xda\x0a\x5b\xeb\xe0\x4a\xc0\x6a\x85\x7d\x4a\x9f\x52\xd6\x55\xcb\xc7\x47\xf6\x69\x89\xc2\x16\x15\xa8\x0a\x5b\x4f\xc5\xea\x47\x15\xb6\x9e\x37\x2d\x2b\x88\x09\x01\xa6\xb0\x79\x9e\xae\xb0\x8d\x64\x8c\x4a\x5c\x61\x1b\x99\x18\x9d\xb8\xc2\x36\x33\xcb\x15\x36\x87\xaf\xca\xaf\x52\xd8\xaa\x98\x56\x40\x55\x29\x6c\x55\x94\xab\xa0\x6c\x0a\xbb\xae\xee\xd4\xd4\xb6\x28\x86\x5f\xa9\x44\xca\x69\xaf\x1a\xe3\x43\x67\xec\x2d\xae\xc6\x9e\x56\xfb\xc8\x73\x83\x91\xa7\x60\x91\xbb\x5d\x79\x57\xb7\x1c\xfd\x68\x74\xed\x8f\xf4\x91\x39\x18\x8f\x27\x83\xb1\x82\xbe\xce\x28\x47\x71\x0d\xaf\xaf\x46\xc3\x6b\x95\x54\x59\x08\x05\xfe\xea\x51\x5e\x8b\x5d\x27\xd2\x80\x70\x0d\xd1\xdc\x5a\x8e\x34\x64\x55\xea\xb1\x3e\xb0\x62\xab\xad\xb9\xb5\x0e\xae\x04\xac\xd6\xdc\x27\xf4\x29\x63\x5d\xb5\x7c\x7c\x64\x9f\x96\x68\x6e\x51\x81\xaa\xb9\xf5\x54\xac\x7e\x54\x73\xeb\x79\xd3\xb2\x82\x98\x10\x60\x9a\x9b\xe7\xe9\x9a\xdb\x48\xc6\xa8\xc4\x35\xb7\x91\x89\xd1\x89\x6b\x6e\x33\xb3\x5c\x73\x8b\xab\x6e\x2a\xf2\xab\x34\xb7\x2a\xa6\x15\x50\x55\x9a\x5b\x15\xe5\x2a\x28\x9b\xe6\xae\xab\x3b\x35\xcd\x2d\x8a\xd9\x35\xb7\xfc\x76\xbc\x45\x6d\x2f\xbc\x9e\xb1\xe6\x38\x9a\x2c\xae\x7c\xb7\x40\x21\x77\x78\xf1\x54\x79\xc5\x80\xec\x2f\x7a\xfe\x58\x77\xa5\x16\x13\xff\x6a\x5c\x20\xae\x35\xb2\x31\x44\x83\xc9\xb5\xbb\xf0\x24\x0a\x65\xa9\xa3\x98\xab\xc7\x74\x35\x73\x4e\xa9\x5a\xe7\x11\xa2\x9e\xe5\x64\x69\x50\x4a\xe4\x1a\x8c\xc6\x91\xd4\x56\xc9\x72\xe7\x95\x43\x55\x2b\xe3\xba\xfd\xc5\xf8\x53\xd1\xf1\x2f\xee\xaf\x12\x05\x4c\xf1\xaa\xda\x57\x49\x32\xea\x44\xf5\xae\x92\x31\xb5\x16\x31\xfa\x15\x53\xb7\x24\x43\xd7\xb5\x6a\x9a\x41\x13\xae\x65\xd5\x1c\x83\x2a\x5c\xbf\x6a\x39\xe5\xca\x95\x5e\x1d\x55\x96\x59\xa5\x56\x25\x51\x2b\x03\xa9\x52\xa8\x92\x2c\x96\x82\x58\x55\x69\x1d\x7d\xa6\xeb\x51\x5e\xc6\xae\x47\xc5\xb5\x4d\xa5\x82\xbf\xec\xb9\xfe\x48\xaf\x3a\x08\xdc\xc1\x70\xa2\x60\x91\x3b\x56\xdc\x9d\x54\x43\xa1\x06\xde\xf5\x65\x5f\x0f\xc9\x5c\x5f\x8d\x97\x3d\x5f\x41\x5f\x67\x8c\xa2\xb8\xfc\xf1\xd5\xb8\x3f\x50\x49\x95\x25\x4d\xe0\xaf\x1e\xa9\xb5\xd8\x75\x22\x0d\x08\xd7\x10\x15\xab\xe5\x48\x63\x51\xa5\x1e\xeb\x03\x2b\xb6\xda\xea\x56\xeb\xe0\x4a\xc0\x6a\xa5\x7b\x42\x9f\x32\xd6\x55\xcb\xc7\x47\xf6\x69\x89\x02\x16\x15\xa8\x3a\x58\x4f\xc5\xea\x47\x35\xb1\x9e\x37\x2d\x2b\x88\x09\x01\xa6\x92\x79\x9e\xae\x95\x8d\x64\x8c\x4a\x5c\x37\x1b\x99\x18\x9d\xb8\x86\x36\x33\xcb\x95\xb4\xb8\xb1\xad\x22\xbf\x4a\x55\xab\x62\x5a\x01\x55\xa5\xb0\x55\x51\xae\x82\xb2\x06\x9b\x6b\xea\x4e\x3d\xe4\xcc\x8b\xd9\x35\x37\xbf\x44\xad\x7c\xe4\x5c\x8f\x87\x23\x43\x13\x8d\x86\xcb\xa1\x2b\x23\x51\x56\x18\xd8\x65\x66\x35\xd4\xb6\x77\x3d\xec\x0d\x74\x77\xe8\x72\xd2\xf7\xfa\xd7\x32\xf2\x3a\x23\x1c\x45\xe5\x7a\x83\x6b\x31\xc7\xe5\x74\x2a\x8b\x1d\x0c\x7b\x8d\xc5\xa4\x1a\x8c\x3a\x8d\x00\x93\x5f\xd8\xea\xa0\x92\x21\xaf\x0a\xc9\x84\x23\xac\xb7\xa1\xaa\xbf\x32\xa8\x74\x6a\x15\x5c\x8d\x75\xc1\xda\xfd\xc8\x38\x56\x29\x12\x1f\xd5\x8f\x65\x6b\x82\x0c\xbb\xb6\x24\xa8\x26\x22\x75\xe3\x0b\x82\x6a\xd6\xb4\xa4\x18\xd2\xeb\xe8\x6a\x20\xcd\x32\x16\x03\xb5\x54\x84\x3e\xcb\x52\xa0\x96\x87\x50\x68\x59\x08\xd4\xf3\x2a\xd6\x01\xd9\x1d\x89\xe5\xd9\x95\xab\x80\xb2\x48\x96\x03\x55\xae\x01\xca\x52\x5b\x01\x64\xbd\xf3\xb7\x9e\x5e\xd4\x74\xb2\x28\x65\xd7\xc9\x51\xb8\x7d\x77\x30\xae\x29\xc0\x82\xd8\x7c\x23\x51\xaf\x28\xe7\xe4\x5f\x8a\x08\x90\x84\xa9\x9e\x50\xbd\xc1\x85\x91\x52\xf6\x76\x46\xdd\x6d\x2d\x18\x85\x06\x41\xb2\x7c\xd1\xdf\x9c\xf3\x32\x83\xe5\x77\x3b\xaa\x0a\x8a\x19\xf7\x70\x3c\xb8\xf4\x8c\xed\x48\xd0\x9e\x20\x21\xbb\x8b\xcc\xbe\x40\x2b\xc1\xc7\x81\x96\x53\x3e\x0a\x24\x5a\x4b\x41\x14\xf2\xf3\xb7\x46\xb0\xad\x54\xf9\x8e\xc3\x1b\xf2\x8b\x93\xb4\x3a\x7c\xba\xf3\xb2\x45\x1d\xe9\x46\xaa\xa3\x38\xd5\xfe\x31\x07\xba\x0b\xe4\x1f\x52\x09\xf9\x87\xb4\x68\x00\xdb\xaf\xf5\x42\xdc\xd8\x96\x7b\x79\x57\x75\x0e\x73\x21\x81\xab\x7b\xf2\xe5\xcb\x80\x16\xfb\x2c\x8b\xb7\xf7\x05\xac\x72\x55\x43\x00\xbd\x69\xc9\x4b\xf7\x8b\x4d\x28\x67\xaa\x7b\xbb\x5d\x3f\x38\x88\x6d\x5f\x3d\xec\x8e\x2e\x9e\x49\x6f\xb8\x6a\x90\xb6\xbb\x89\x76\xeb\x16\x06\x51\x9e\xcd\xea\xed\x86\xdb\x83\x74\xcd\x12\x88\x5c\xe4\xee\xd2\x20\xe7\x19\x13\x34\x91\x4c\xa0\x15\x6e\x1e\xb3\x04\xcd\xe4\x97\x21\xc6\x8f\x47\x7a\xcf\x62\x39\x0c\x13\x81\xbc\x16\x32\x8b\x32\xb7\x68\xf3\xce\xee\xe5\x77\xcf\xe6\x37\xcf\x1a\xec\xea\x64\xe1\x86\xec\x62\x5c\xee\xb7\x6c\x6b\x28\xb9\x24\x4c\xe5\x17\x0e\x52\x89\xc2\xac\xca\xdf\xf3\x11\xd9\x1d\xea\x37\xa1\x69\x79\xf6\x42\x26\xd6\x1d\x38\x2e\x41\x02\x5d\xc2\x5a\xed\x3c\x84\x69\xb8\x08\x23\xe8\x24\xad\x8a\x12\xc0\x5a\x50\xc0\x74\xd0\x72\x59\xd9\x79\x8e\x5e\xc1\x7a\xe5\x35\x27\x18\x85\xf8\x9e\x5d\xe9\x91\x1a\x72\x53\xa2\xef\xa6\xeb\xc0\xd7\x53\xe9\xde\xd8\x37\xf9\x82\x14\x3f\x3d\x5e\xb6\x69\x96\xbd\x4b\x85\x41\x1c\x73\x47\xcf\xa1\x5f\xfb\x1d\x76\x86\x5d\x73\x06\xb5\x1d\xb2\x3d\x09\x60\x13\x6c\xf7\x96\xb3\xea\xf4\x1a\x41\x76\x4c\x20\x3f\xad\x0e\x69\xbd\x99\x3c\x5e\x66\xc5\x23\x86\x33\xe9\x71\xc5\x89\x7e\x0b\x46\x7e\x97\xe7\x80\x5f\x28\xa9\x6d\xaf\xd6\x5e\x93\x02\xa5\x97\x66\xfc\x6e\x65\x7d\x03\xb2\xe4\x4f\xe7\x06\x59\xca\x8d\xc2\xdd\xb4\xb8\xe3\xe4\xc3\xac\x34\xaf\xe4\xaa\x42\x29\x55\xd9\x40\x4b\xf7\xda\xd6\xb8\xcb\x90\x9d\x06\x23\x1a\x5c\x2d\xaf\x9d\x7d\x2b\x01\xd3\xba\xa9\x4b\x9f\xda\xa3\xd2\x73\x10\xb7\x08\x48\x2f\xbe\x29\xb0\x0d\xf0\xa7\x1f\x42\x72\x93\x9d\x30\x1c\xf9\x0e\xf7\xe9\x35\xed\x0e\x5d\xb5\x20\x41\x39\x76\xbb\xa9\x8a\xf8\x26\x0a\x6f\x5c\xfc\x4a\x4b\x62\x8a\x1a\xf4\x6a\x24\x2f\x02\x9d\x4b\x1e\xbe\x5a\xd7\xdd\x36\x2f\x6d\x9d\xc4\x2e\x85\x36\x49\x10\x6e\x09\x92\xa3\xfa\x43\x13\xf2\x07\xf5\x29\x30\x99\xe2\xaf\xbc\xa8\x58\xc5\x63\x32\xae\x5e\x5d\x9e\x81\x53\x53\x64\x1b\x13\xc1\x9a\xf4\x70\x0f\xd8\x36\x70\x6f\xf2\x59\x13\x42\x5b\x91\x65\xa1\x4e\x02\xd0\x7d\xb0\x92\x7a\xea\x22\x43\x5b\x88\xec\x21\x2f\x75\xb8\xf1\x8d\xf2\x7c\xdb\x39\x68\xfa\x55\xe8\x4f\xbf\xfd\xdb\x0f\x24\xeb\x17\x52\x8c\x9c\x15\xe9\xfe\x14\x7a\x49\x9c\xc6\xcb\xac\xbb\x22\x23\x14\xf0\xb4\x82\x2d\x25\x6e\xbe\x74\xa3\x34\x80\x71\xa5\x4d\x99\xa9\x12\x54\x6d\x3d\x03\x71\xad\x3a\xb3\xe6\x38\xa4\x9a\x5c\x7a\x1c\x73\x26\x8e\x5d\xe5\x50\xe4\x6e\x68\x60\x57\xc5\x88\x2a\x75\x09\xf5\x51\x44\x9c\xe8\xd2\x51\x44\xd8\x4a\x7e\x14\x8a\x7f\x19\x7e\x80\xbe\x50\x6f\x28\xc9\x4f\xc2\x68\x36\xe0\xfa\x1a\xe8\x2f\x74\x91\xce\x47\x0b\x4b\xc8\x39\x41\x6a\x7f\x9d\xee\xd6\x7d\x58\xb8\x49\x87\xd6\xc9\xcf\xdb\x34\x72\x24\x1c\xea\x40\xce\xf9\x40\xd7\x4d\x9b\x4d\xd9\x9c\xea\x97\x31\x9b\x46\x57\xca\xe0\x76\xb7\xa8\x5f\x21\xb4\x92\x0e\xb5\x59\xa4\x76\xda\x83\xf9\x81\x55\xf3\x49\xc3\xd2\x43\x54\xbc\x36\xca\x1e\x1d\x39\xc2\xb3\x12\x70\x9b\x50\x49\x73\x0c\x47\x9a\x6e\x08\xcf\xa5\xee\x55\x77\x96\x03\x8e\x26\x42\x69\x16\xc3\x8f\x74\x2e\xe8\xf9\x0c\xbd\x16\xf9\x9d\x63\x0b\x16\x65\x02\x8f\xe4\x4f\xab\xf2\xa5\x59\x2a\x96\x2d\x05\x95\x0a\x52\xcd\x4a\x2d\x75\xe1\x55\x48\x98\x0f\xf9\x6d\x3e\x52\x0b\xe9\x1c\xf7\x42\xe3\x51\x91\x68\x74\x54\xa3\xf8\x44\x4b\x49\x59\xea\x11\x44\x7e\xde\x50\x4c\x04\xb3\x38\x26\x4f\x4f\xa8\xb9\x63\x2d\xb7\x51\xd4\x20\xa7\xc8\x44\xe5\xe9\xf2\x29\x64\xbd\x2f\x39\xd0\x8d\x81\xee\xc6\x82\xee\x46\x41\xa7\x3c\xd4\xaa\xcc\x92\x19\x77\xc1\x52\xb4\xe4\x87\x09\xda\x2c\xa5\xb8\x55\x9e\x25\xe8\x0e\x6f\xfb\x80\x06\x8d\xe4\xce\x94\x1e\x3b\xd0\x4e\xc4\xda\x21\x4f\xac\x1c\x54\x06\x1b\xbf\x39\x19\xaa\x92\xd2\x32\x8d\x9a\x8b\x8a\x4c\x3e\x28\x72\xa8\xbb\xfb\x06\xb4\x4c\x11\x69\xa6\x8d\x20\x25\x4f\xa7\xc7\x22\x01\x3a\x40\x8d\x3e\x63\x8a\xa2\xa2\x8b\x38\xb6\x32\xf6\xeb\x6c\xd2\x07\x67\x2d\x14\x1a\xf3\x3e\x51\xe7\xf1\xaa\xcb\xba\xd0\x14\xc4\x8f\xec\xa5\x86\x21\x08\x86\x26\xa3\x6e\x8d\x01\x27\x7b\x39\x6a\x33\x2e\x0c\x50\xf5\x0e\xb4\x2b\xfd\x1a\xda\x2b\x73\x10\xd3\x2b\xc2\xca\xd1\xf4\x07\x3a\x9e\xfe\x40\x41\x64\xa1\xfb\x1f\x71\x50\xb2\x8c\x80\x22\x6e\x7c\x4a\x68\x58\xb8\x38\x88\xde\xa1\xa7\xa9\x69\x26\xef\x72\xfe\xdc\x3e\x27\x50\x97\x04\x1e\xb5\x28\x3c\x9c\x12\x1c\xbd\x06\xc7\x52\xc7\x94\xab\x19\x76\x9f\xe2\x46\xb7\xfe\xaa\x1f\x5b\x3c\x45\x3a\xb3\xbe\x0b\x6d\x25\x47\x46\x2b\xbf\x69\x6a\x01\xd7\x6d\x26\x92\x5b\xab\x1d\xe5\x78\xac\x46\x98\xde\x37\xdc\xd7\x2e\x01\xe8\x59\xa9\xad\xa1\x25\x4b\x14\xa4\xee\xfc\x94\x28\x38\xab\x3e\x23\x61\x8b\x32\x8d\x56\x53\xe9\x68\xa4\x94\x29\xbc\x4a\xfd\x56\xa9\x73\xe5\x52\xa3\x12\x49\xfe\x64\x96\x08\x45\xfb\x42\x93\xf4\x02\x5c\x16\xdb\xf4\xe9\xfa\xeb\x77\x31\x53\x66\x37\xca\xf5\xbf\xdd\xa7\x59\xb8\x0c\x03\x5f\x0d\x8e\xcb\x0a\x82\x45\xcb\x21\x0b\xec\x12\x9f\x9a\x16\xeb\x62\x34\xb6\x3e\x4d\x83\x9d\x9b\xb8\x59\x80\x62\x36\xb4\x99\x9a\xa3\x5d\xa8\xc3\x6a\xd3\x9e\x4e\x16\xe4\x7c\x61\xaf\x40\x72\xcd\x0f\xb8\x3a\xc3\xe1\xd5\xa9\x5f\x31\xe5\xbb\xf3\xdd\xcc\xe5\x3d\xcd\x97\x5f\xd2\x7b\x5a\x12\xbf\x00\xa6\x1e\x3c\xbf\xbf\xdb\x0e\x2c\xa9\xd9\x53\xeb\xb1\x14\xb5\xde\xef\x4e\xe3\xaf\x49\xe0\x65\xdc\xc8\xf6\xda\xf8\xa5\xa5\xf2\x0c\xc1\x3e\x69\x65\x62\x63\x17\x0c\x09\x8b\xfa\x86\xb6\xd4\xcb\xf5\x6e\xab\xe6\x1d\xa7\xde\x05\x6b\xd0\x55\xdc\xe8\x2a\xc5\xc4\xad\x8f\x3f\xf5\xf4\x27\x17\x6e\xb4\xbb\x99\xf4\x5c\xe4\x46\xa6\x32\x10\xe8\x13\xa6\xdc\x7e\xff\x1b\x93\x2d\x2d\xb0\xc0\x98\xed\xa8\x01\x88\xb6\xa6\xee\xd5\xcc\xa5\xf4\x95\x40\xdb\x28\xad\x59\x44\xd0\xac\xdf\x0b\x6d\x21\xc7\x0a\x65\x92\x51\x0b\x54\x67\x19\x0b\x2b\xa9\xf7\xe6\x96\xc9\x1c\xc9\xad\x90\x39\x1d\x44\xaf\xf2\xf7\xb8\xdb\xdd\x42\xba\x05\xa6\x96\xb0\xd5\x6a\x46\xdd\x4b\xe4\x4b\xe9\x2b\x81\x3e\x51\xd8\x6c\x34\xe3\xb2\x61\x90\x63\x85\xaa\x29\x6c\x55\x2c\x33\x84\x4d\xbf\x79\xae\x42\xb2\xe4\xa9\x44\x61\x9f\x4b\x30\xd6\xf0\xf5\x90\x4a\x4f\x2e\xf5\x52\xcf\xbd\x46\x73\x85\xc3\x51\xfb\xc2\x28\x04\xeb\xa1\xea\xa5\xb7\xd2\xe5\x38\xf9\xc1\x37\xf3\x1e\x2b\xfc\xd9\xaa\x9a\x8f\xbd\x21\xb4\x76\xf5\x27\x23\xac\x1a\x02\xd9\xf0\x62\xc3\x56\x67\x3b\x10\xb2\xf1\xc7\x40\x67\xb9\x72\xaf\x14\x4e\x79\x38\xb1\xc3\x6f\xc3\xb4\x0b\xac\xf2\x50\xab\x29\x99\xd6\x6c\xcd\x1b\xe7\xbe\x6e\x15\x84\xe4\xaa\x55\x00\x6b\x73\x0e\x13\x5a\x7a\xd2\x53\x9f\x6b\xe9\x13\xa1\xca\xc2\xbf\x77\x44\xb5\x94\xaf\xc6\x0b\xac\xf6\xce\x92\x27\x74\x26\x4e\x5b\xae\xbd\x23\x2c\xd3\xac\xea\xe2\x58\x24\xb8\x82\xc7\x35\x7b\xb0\x06\x6c\x49\xa8\xf4\x84\x78\x65\x19\xff\x0e\xf2\x06\x18\x0d\x76\x81\x2f\x2e\xe5\x83\xbb\x87\x2e\x7a\xa2\x56\x0a\xd9\x32\x83\xc1\xd1\x30\x0f\xb2\xca\x82\xc1\xe6\xb1\x56\x34\x93\xaf\x1d\xa1\x79\xc6\x0a\xd2\xa7\x1a\xed\xfa\x15\x95\x08\xe9\x2f\x94\x95\x82\xda\x99\xc9\x9d\xad\xfb\xa0\xdd\x6b\x6a\xdc\xad\xa8\xed\xee\xa1\x65\x6e\xa2\xb0\xea\x05\x35\x01\x77\xe3\x56\xbe\xb5\xa6\x5a\x81\x31\xa7\x4b\xd9\x3a\x92\xff\x2e\xd9\xb0\x80\x1a\x3d\x81\x4a\xda\xf4\xa0\xec\x9d\x30\x72\xd5\x1a\xcb\x36\x5e\xe0\x1b\x43\x4e\xdc\x36\x41\x29\x68\xf0\x1d\x0c\x8e\xfc\x43\x22\x24\x4f\xb2\x3e\xc2\x1f\xe8\x67\x70\xd8\x6e\x14\x8e\x1d\xfe\xea\x7c\xba\x3d\x46\xa2\x2f\x6e\xc2\xcd\xea\x50\xc4\x87\x73\xe1\x20\xd7\x1d\xa7\x07\xeb\x43\xcc\xf4\x4d\x7d\x01\x46\x04\x49\xde\x95\xa6\xc8\x5e\x2e\xa2\x02\x14\xfa\x4e\x19\x26\x25\xdb\x2b\x4e\xbb\xee\xb2\xc1\x9f\x4e\xd6\x6a\xc3\xf6\x79\x13\x5e\x37\xd8\x5f\x7a\x4b\xa4\xbd\x47\x58\xaa\xd4\xa1\x66\x9e\x22\x5c\xc4\xa9\xe3\x72\xc4\xaf\xec\x2a\xbd\x1d\x51\xe3\xae\xa6\xd1\x71\x91\xa3\x14\xd0\x8f\x22\xc6\x27\xc5\x3f\xf4\xc7\xbf\x2d\x45\x8a\xee\x53\x7b\xdf\x80\x2a\x7a\x4e\x7a\x4f\xdb\xf0\x5b\xad\x08\xaa\x77\x7a\x14\xa1\xb9\xd2\x5d\x1d\x96\x36\x20\xe1\xc5\x22\xa6\x58\xbf\x51\x64\x5b\x47\x0d\xe8\x62\xd3\x8e\xe1\x79\xdb\xda\x6f\x4a\x96\x0d\x42\x97\x32\x2b\x9c\x2c\xdb\xfa\xf8\x7c\x01\x0f\xa1\x79\x65\x43\xbe\xce\x98\xfb\x07\x37\x5a\x1d\x20\xf4\x98\x0b\xa3\x65\x17\x46\x91\xa6\x99\xd4\x8c\xa2\xad\x7a\xdf\x09\x88\x0b\x28\xad\xed\x4a\x56\x01\xb4\xc6\x19\xc9\x72\x8b\xcc\xcc\x3a\xd7\x6f\x14\x06\x80\x5c\x62\xef\xbd\xc3\x47\x6b\x91\x25\x91\x4c\x5f\x16\x30\x97\xc7\x6c\xda\xe2\x58\xad\x14\x5e\xaa\x0b\x7e\x0f\x15\x70\xda\xc8\xaf\x3d\xe0\x25\xd6\x58\xb5\xe7\xcb\x15\x42\xf9\xb8\xa8\x33\x26\x7e\x07\x25\xf0\xa9\x15\xc0\x3f\xa0\x91\xe8\xa0\x87\x92\x1d\xbe\x87\xf1\x86\xfe\xd8\xb9\x5b\xfd\xa8\x89\x02\xc3\x50\xeb\xdb\x50\x05\x11\xba\x84\xea\xab\xce\x2f\x59\x93\x63\x5b\x0c\xb1\x27\x02\x8a\x7b\xf0\xc7\xe6\x53\xb7\x74\x43\x6a\x99\x2f\x54\xb9\x09\x12\xd1\x74\xd5\x1b\x27\xf9\x46\x59\x49\x7f\xe6\x9b\x24\xf3\x93\x3c\xda\xae\x92\xb1\xb1\xab\x84\xa4\x08\xaf\xb4\xf3\x61\x4a\x0f\x87\x44\xc5\x61\x97\x3c\x2b\xf5\x60\xd6\x1f\x91\x09\x04\xbd\x77\x5d\xde\x82\x8a\xbb\x7f\x15\xaf\xcd\xf4\xd8\xde\x92\xc1\x78\xec\x88\xff\xba\x7d\xeb\x1b\x38\x38\xb4\xd1\x5c\x7a\x9e\x49\x50\xfc\x54\x43\x4d\x29\xbc\x92\x5e\x30\x51\x36\xd8\xd6\xde\xc9\xa2\x53\x63\x9c\xa7\xa2\x22\x7c\x16\x6e\x76\x71\x92\xb9\xc0\x23\x29\x36\x2c\xa5\x6a\xef\xd1\x4a\xb3\x06\xde\x3b\x05\x6c\x15\x07\x78\x81\x23\xbe\xb3\x57\x2b\xab\xed\xff\x85\xc6\xdb\x41\xd8\x8b\x2d\x28\x4c\xd5\x83\xb7\x9f\x8c\x18\x3a\x2d\xca\x5f\x80\xec\xc9\x7b\x8d\x21\x83\x3f\xbe\xcf\xdf\x5c\xbc\x82\xec\x36\x7b\xa1\x3f\x4e\xc8\x0e\x78\x36\x99\x8c\x20\x25\xf5\xdc\x5d\x50\x88\xc3\xa7\xa4\x6a\xd0\xeb\xd1\x37\x17\x88\x4a\x73\x61\x0a\x05\xe5\xa2\x7d\x08\x5a\xd3\x40\x6b\x83\x60\x63\x5c\xca\x2f\x2b\xab\x95\xfa\xd8\x07\x39\xfe\x3b\x50\xdd\xd3\xdc\xa3\xa3\x29\x80\x07\xe5\x28\x96\xb6\xc3\x8b\xaa\x8f\x6a\x1d\x20\x61\xd3\x57\x2a\x50\x71\x35\xe5\x40\x3f\x39\xa0\x6c\x60\x97\x8f\x8b\x0d\x7b\xd5\xe4\x54\x54\x55\x41\x22\x01\x51\x8e\x06\xa8\xcc\xc0\x2a\x39\xe4\xba\x46\x0f\x4c\x29\x28\xfa\x92\x2f\x41\x50\x2c\x40\xdf\xfb\x72\x68\x41\xb6\x91\x79\xc0\x69\xcc\x03\x4e\x65\x4b\xeb\xec\x29\x7b\x19\xad\xe4\x74\x14\x69\xf6\xc0\x94\x5a\x98\x46\x4d\x54\xc7\xa1\x8a\xe9\x37\x85\x44\x36\x14\x5c\x8e\x09\xc0\xc4\x5d\x05\x3b\x98\x43\x2b\xa7\x49\x6c\xf1\xb4\x1c\x04\xa0\xb2\x92\xf3\xeb\x5a\x2c\xfa\x48\x1e\xcd\x55\xf1\x53\xb2\xe4\x6a\x5f\xd1\x95\x9c\xd3\xcf\x0e\x9d\xfa\x64\x89\xd2\x24\xf3\x1c\xa5\x92\xdd\xe8\x86\xc0\xb3\x0e\x71\x70\xb0\x63\xd8\x83\x41\xf1\xca\xac\xb9\xac\xd5\x37\x6a\x2b\xd0\x5d\x14\x88\x25\x2e\x8d\xea\x0c\x75\xde\x17\x8a\xdf\x99\xd7\x43\x22\xb5\x3c\x60\x77\x49\xde\x32\x6e\x74\xf2\x48\x29\xcf\xe6\xc1\x56\xf9\x45\x9f\x9e\xf9\x86\x7c\x5f\x5f\x20\x1f\xe8\xe6\x49\xd0\x76\x29\xd3\x96\x47\x21\x75\xe7\x36\x97\x1c\xa6\xa8\xcc\x6d\x59\xd4\x6b\x51\x5e\x7f\x2a\x17\x05\xd6\xe9\xa7\xfb\x36\x36\x0a\x1b\xfa\xf9\x2d\xa7\xaa\x84\xc2\xc8\xa9\xd0\x11\x74\x4b\xee\x40\xe3\x79\x49\x79\xab\x0e\x29\x2d\xa6\xe9\x96\x72\x58\x23\x1c\x2c\x5d\x19\x53\x2d\x6e\x44\xa2\x8c\xd8\xab\x34\x50\x98\x48\xe9\x41\x10\xbb\xb0\x8d\x11\x61\x53\x74\x0d\x59\xa5\x3b\x18\xc1\xfe\x52\x65\xd2\xb1\x68\x13\x43\xa3\x55\x7b\xfd\xb6\xc9\xe9\x47\xcf\x0c\x9c\x4f\x37\x6d\x28\x45\x55\xc3\x38\x03\x83\x3f\xd9\x23\x8b\x26\xce\x8f\x7c\x64\xd1\x8a\xb0\xfc\x91\x45\xa5\xd8\x4b\x1f\x59\xb4\x21\xd1\xb7\xba\xd8\xe1\x90\x5d\x21\xf5\x80\x17\xda\x23\x8b\xb6\x52\x25\x8f\x2c\x2a\x45\x5e\xf4\xc8\xa2\x8a\x21\x7f\x5b\x4f\x49\xfe\xc4\x8f\x2c\xa2\x55\x8a\x47\x16\xcd\x8a\x2d\x8f\x2c\xe2\x58\xf0\x1d\x1f\x08\xd2\x17\x3c\xb2\xa8\x60\x39\xe1\x91\xc5\x4a\x13\x6a\x8c\x4e\x23\x0a\x8a\x8d\x11\x7d\xd3\xb7\x19\x81\xac\xa5\x16\xe4\x10\x82\xac\xb5\x7b\xe6\x9c\xbe\x6c\x96\x73\xba\x79\xd6\x8d\x86\x3d\x36\xd6\xfb\x88\xc0\x18\x3e\x37\x2e\xad\x52\x9f\x47\xe8\xb5\x8e\xd4\x48\xdd\x27\x3c\x8f\x21\x7c\xf3\x62\xbf\x82\x66\xfb\x0a\x43\x27\x03\xd3\x25\xfd\x74\x23\x97\xe9\x9b\x11\xbf\x7e\x0f\x29\xf5\x21\x55\x4a\x8d\xcc\x52\x8a\x03\x0d\x93\x18\x05\x1e\x79\x02\xb8\x7c\x7e\x2e\x23\x32\x97\x77\xcd\x79\x42\x1e\xf0\xab\x21\xcd\xf4\x40\x75\x81\x14\x89\x38\xb1\xe3\xfe\xd2\x04\x46\x8a\x60\x99\xde\x85\x5a\xec\xef\x2a\x12\x75\x2c\x14\xc2\x8c\x3c\xe1\x25\x22\xca\x57\xe4\x8f\x7e\x23\xe6\x25\xf9\xa3\x97\xd6\x66\x69\xda\xb6\x04\x2b\xa0\xe6\x22\xe2\x30\xea\x7a\x32\x5d\xba\xaf\xde\x87\x80\xa1\xa3\x7d\x58\x83\xb4\xdc\x27\x3c\x01\xb6\xa2\x25\x5b\x75\xd3\x87\x74\xef\xc8\x8b\x5a\x42\xd0\xa9\xcb\x0a\x95\x50\x35\x08\x2c\x59\xc2\x47\xb6\x50\x94\xcb\x01\xc5\x27\x5f\x13\x52\x0f\xae\x0e\x95\xb6\x7d\x2c\x74\x07\xe8\x8b\xe4\x42\xd9\x56\x26\xee\x10\xe4\x3b\x22\xec\x05\x2a\x68\xe5\x40\xd6\x9b\x0d\x2b\xf1\x4b\xf3\x7a\xb3\xf8\xd5\xd5\x95\xb5\xb8\x11\x47\xd5\x01\xa8\x15\x3d\x69\x58\x53\xc6\x4b\x3b\x7b\x2a\x60\xea\x74\xa3\xb2\x0f\xa8\x8e\xa8\x55\x7a\x25\x48\x35\x25\x93\xda\x7a\x83\xbb\xf6\xf4\xf6\xb4\xb2\x9f\x4c\x0d\xe0\x75\xd4\xd2\x0d\x15\x45\x5f\xda\xbe\x4f\xac\x45\x2c\x95\xd4\x53\x2d\x95\x85\x5f\xdc\xc8\x17\x2b\x21\x6b\x5b\xe9\x79\xee\x1a\x42\x69\xde\x5e\x49\xdf\x37\xd4\xa1\xf3\x23\xe2\x65\x28\x17\xda\xe5\x9e\xd6\xfc\xfa\xf5\x99\x57\x78\xd6\x80\xb4\x5f\xe9\x59\x41\xf1\x49\x45\xf4\x8e\xca\x1b\x11\x6e\x21\x23\x0d\x10\x35\x3b\x18\xe8\xd7\xd9\xf7\xae\xc8\x1f\xbd\x28\xee\xff\x5c\xfb\xe4\x4f\x39\xac\xc6\x25\x1c\xa6\x7a\x93\x0c\xa6\x2e\x74\x5c\xb2\xff\x53\x41\x9a\xee\x02\xd5\x04\xaf\x68\x0c\xee\x05\xbd\xb8\x3d\xb8\x17\x54\x0a\x55\x83\xc0\x93\xb6\x26\x55\x48\x83\xcd\x0b\xaa\x80\xab\x43\xa5\x4d\x01\x8d\xc8\x93\x6e\x2f\x92\x0e\xcc\x0b\x92\x87\x3a\x5e\xa0\x82\xd6\x0a\x2f\xa8\x1a\x7f\xa9\x17\x44\xef\x73\xb6\x14\x37\xbc\x20\x1d\x00\xf1\x82\xfa\x3d\xf2\xa7\xbc\x3b\x35\x2f\xa8\x04\xa6\x4e\x37\x62\x5e\x50\xa9\xa8\x55\x7a\x41\x48\x35\x36\x1b\xa6\x5d\x06\x77\x92\xa2\xb3\xa1\x2d\xae\x80\x7c\xc9\x68\xa9\xf6\xd7\xaa\x35\x51\x6d\x97\xed\xb4\xb2\x9f\x4c\x67\xd5\x75\xd9\x4e\x2f\xfa\xd2\xf6\x7d\x62\x95\x57\xdf\x65\x7b\x49\xe1\x17\x37\xf2\xc5\x1a\xd3\xda\x56\xd9\xbf\xaa\x90\x4b\xd3\x01\x41\x75\x97\xee\xb5\xd9\xb0\x5a\x1c\x37\x33\xbf\x7e\x95\x56\xc7\xad\x0c\xb2\xd2\x71\xb3\x51\x7c\x52\x11\xbd\xbb\x8e\xdd\x45\x02\x2a\xcb\x4b\xf6\x9b\x45\xbe\x0a\x77\xa5\x2d\xc2\xc9\xdb\x06\x6b\x5c\xeb\x4b\xaf\x60\xc5\x96\xe2\x8b\xaa\xe4\x4d\xb6\xea\xc2\x8e\x02\x73\x11\x85\xd3\x45\x00\xd6\x25\xdf\xa4\xc5\x2e\x41\x9a\x49\x53\x84\xfc\x9a\xc9\x57\x6f\x7a\x3d\xb7\xd7\x54\x50\x88\x3d\x99\xb2\xe7\xbe\x73\xa1\x4d\x74\x23\x06\xbe\xac\x81\x9e\x7c\xa2\x8d\x6f\xa0\x9b\x71\x0b\x7c\x66\xab\xb4\x5c\x32\x5e\xd5\x04\x18\x18\xe5\x17\x2e\xce\x8c\x03\xc1\xfa\x79\xad\xca\x1b\x79\xe9\x0d\xb4\x75\xef\xcf\xb5\x9d\x1f\xd1\x5a\xa2\x1c\x58\xd3\x5b\xa5\x64\xd2\x16\x62\xcb\x05\x65\xb1\x75\xdb\x6d\x41\x6a\x35\xd2\xc9\x36\x83\x04\x29\x8f\x52\xf0\xc2\xa0\xbd\x59\x6b\xa1\x36\xf5\x64\x7e\x45\xa5\xd9\xc1\x78\x01\x9a\xa3\x1e\x1d\xcc\x3b\x8d\x3f\x02\x51\xe7\x4c\x97\xde\x37\x92\xf5\xc3\x52\x11\x5a\x34\x9b\x85\xe6\x11\x62\xad\x19\x25\x38\x91\x46\x0e\x66\x92\xac\x55\x1e\x68\x42\xdf\xc1\x16\xc7\x18\xe4\x0a\x65\x9b\x88\xa7\x63\x64\xea\x96\xcc\x92\x6b\x36\x5f\xc9\x2a\xc5\x2c\xb1\x40\x3a\x26\x58\xe7\x44\xa0\x34\x1a\x2d\xbd\x4d\xee\x0c\xd1\xd5\x0a\x4f\x63\x9a\xe5\x45\xd7\xc5\x98\x35\xd8\x87\x3b\x92\xaf\x8f\x37\x79\x14\x4f\x4a\xc7\xf8\x44\x1d\x6d\x1c\xb7\x6d\x98\x9b\xd9\xa5\x23\xdd\xac\x5a\xcf\x56\xea\x4e\x37\x26\x67\x59\x9a\xc2\xd9\x9a\x97\xa2\x98\xa8\x4b\x58\x6a\xe6\x97\xb1\x74\x58\xca\xd2\x21\xd6\x2c\x3b\x4b\x8d\xec\x52\x96\x9a\x55\xeb\xd9\xb4\x6e\x90\xfc\x52\xa3\x6a\x5e\x55\x61\x1c\x2f\xa6\x58\x1a\xb8\x7d\xa5\x19\xbc\x1d\xec\x9b\x12\x5d\x66\xdc\x59\xb7\x8d\xb0\x1d\x88\xd5\x47\x28\xc5\x7e\xbf\x71\xde\xbc\x86\x66\x16\x44\xca\xe9\xe7\x92\x59\xe1\xee\x16\x8a\x14\x2d\x62\x3f\x69\xa3\xa4\xf5\xcb\x1c\x78\x97\x04\x0f\x61\xbc\x4f\xa5\x02\x79\x92\x54\x88\x6d\xd6\xe2\x00\x9a\xb6\x54\x93\xd4\x96\xe0\x3a\x52\xc9\xa0\xb5\xbc\x40\xb9\x1d\xbb\x6c\x7f\x87\xda\x55\x79\x27\x75\x07\xc1\xa6\xd1\x9d\x90\xbf\x86\xc1\x46\x1a\x61\x97\xe3\x2f\x94\x8b\x50\x2e\x6d\x17\xa1\xe4\x37\xf5\x2b\xd2\x55\x7d\x3f\xcb\xc2\x4d\x03\xf6\xd8\x92\xd2\xe5\xdd\xc1\x38\xd8\x1c\x5d\x46\x35\xe7\x92\xf8\x55\xef\x85\x00\xce\x19\x7e\x69\x1a\x6f\xff\x34\xd8\xec\xb2\x27\xed\x68\x11\xb9\x92\x8d\xb3\xc7\xf4\x0f\xc5\xa9\x21\x8e\xa0\x64\xe5\x99\xba\xbc\x0a\xd0\xdd\x3a\x09\x96\xf9\xcc\x04\xcb\xb2\x3e\xc7\x4b\x57\x8c\x05\xba\x5d\x12\xc2\x30\x7e\x42\x43\x51\xcc\x3c\x2b\x70\x58\xb5\x6a\x96\xad\xda\xc1\xd5\xa4\x47\x6e\xac\x67\x65\x90\xc7\xfb\x05\x79\xf4\x05\x75\x0d\x0e\xab\x56\xcd\xb2\x55\x3b\x1a\x5d\xfb\x64\x82\xc4\xca\xe8\xef\x55\x8b\x3a\xe9\x6b\xc3\x32\x10\x56\xa1\x94\x6e\x0d\xdf\xd1\xd7\xc9\x05\x22\xe4\x7d\x56\x21\x59\xf4\x91\x4c\x0d\x0e\xab\x53\xcd\xb2\xde\x11\x40\xdf\xed\xcd\x25\xc4\x78\x6e\x50\xb8\x1d\xf4\x19\x38\x15\x0c\x95\x23\x39\xc7\x56\x27\x7b\x78\xf2\xc8\x1f\x9a\xc3\xb7\x96\x15\x0f\xd1\xc8\x5b\xf3\xc9\x35\xbf\x97\xa6\xad\xfd\x5d\x55\x81\x78\x27\x08\x1b\x59\xba\x45\xa0\xbb\x6c\x68\xb3\xec\x43\x9a\xb5\xba\x6c\x48\x2f\xf4\x77\xc6\x78\x21\xf1\xdc\x98\xc0\xa1\xec\xd4\x12\x6f\x8f\x81\x76\x62\x04\x08\xed\xc4\x7e\xbd\x50\x3b\x11\x33\xcc\x48\x01\x36\x6d\x84\x53\x2f\xc8\xd9\xe6\xc7\x90\xf3\x29\xc4\x8d\xfa\x7c\xa0\xf0\xde\x2d\xca\x5f\x45\x2f\xca\x2a\x36\x0e\x87\xb9\xe0\xa0\xca\x4e\x9c\xb1\x7e\x9c\xba\x20\x47\x9e\x7f\x52\xaf\xe4\xed\x7e\x03\x1e\x4b\x52\x5c\xb8\x45\xf7\x34\x0d\x91\xad\xf1\x43\x73\x37\x15\x4d\x62\x0d\x09\xb7\xeb\x20\x09\xb1\x89\x0b\x35\xe7\x79\x35\x8d\xee\xba\xef\x48\x3f\xd7\xfd\x83\x82\x40\x06\xd5\xf7\x00\x6a\x67\x51\x06\x7d\x4d\xe4\x07\xbd\x9e\x54\xfc\x66\x9d\xc8\xfe\x9a\x18\xc0\x63\xf2\xe7\x28\x9f\x19\xc9\x4b\x18\xe7\xa2\xa4\xbc\x03\x72\xd7\x96\xd4\xa8\xbc\xe0\x41\xbb\x12\x9a\xc7\xd6\x53\x2f\x09\x82\x2d\x3b\xc7\x66\xee\xdd\xc2\x3b\x61\x74\x65\x76\xc2\x88\xee\x7a\x3b\x99\x78\xf5\x64\x9f\xfc\xa4\x15\x13\x85\x49\x4f\x6b\x8f\xd1\x49\x05\xdb\x27\x43\xba\x6b\x3d\x5b\x43\xf6\xd6\x0d\x23\xcb\x83\x2f\xe6\x2e\xba\x81\x7e\xb6\x42\xbe\x90\xe4\xc5\xde\xa7\xfc\x66\x95\xf4\x74\x1e\x03\x6a\x74\x07\x69\x83\x3c\x02\x07\x96\xa7\x13\xef\x33\xed\xf9\x3d\x0b\x50\x25\x84\xd4\xfa\x06\xbd\xe8\xc5\x29\x12\xf8\xbd\x2f\xd2\x70\x94\x8f\x78\x14\xa7\xf0\xdd\xa2\x88\x78\xbd\x43\x4a\xca\xb5\x56\x91\x82\xdd\xb6\x22\x1c\x8c\x82\x9c\xae\xe7\xee\x68\x48\x4f\x3a\x95\x34\x93\x57\xc6\xdc\x08\xd4\xfa\x41\x3e\xe3\x75\xea\xa1\x68\x2c\xf6\x47\xb1\x36\xd6\x23\x75\xc7\xaa\x36\xb2\x19\x10\xfb\xc7\x7c\x2e\xf5\x92\x8c\x5e\x9a\x77\xb3\x73\xf8\xc7\xde\xd8\xc2\x9d\x83\x5c\xec\xf4\x27\x1f\x39\x62\x10\xc7\x4d\x98\x52\x87\xdc\x51\x93\xc8\x89\x5a\x6d\x28\x0c\xf1\x82\xc0\xc6\x28\x4e\xb1\xf2\x3c\xc7\x66\xb7\x88\x15\xe6\xbb\x27\xa9\x7a\xc2\x38\x90\x7b\x6e\xa2\x5b\xbc\xcb\xc9\x10\x9b\x18\xf8\xcb\x65\xcf\xd7\x37\x4b\xfa\x93\xe0\xda\x9b\x68\xa8\x1a\xa8\xae\xf3\xae\x83\xc1\x62\xa8\x83\xca\xfc\x17\x8e\xe5\x62\x3c\x22\x8e\x08\xcb\xa1\x1e\x5e\xee\x8d\x5d\xf6\xae\xf0\xd7\xc5\x03\x7f\xa9\x87\xa3\x16\x5e\x70\xb5\xec\xcb\x78\x70\xc2\xdc\x49\xd0\x0f\x94\xfa\x50\xaa\x46\xe3\xc1\xe4\x5a\x40\x09\x4f\x50\x6c\x56\x73\x27\xfe\x70\x81\xe9\x0d\x6f\x79\x15\x0c\x35\xc2\x96\x6e\xb0\xf0\x3c\x0d\x15\x4e\xdb\xf2\x32\xe8\x2f\xc6\x3a\x28\x42\xde\x64\x32\xee\x17\x4c\x53\x1f\x1a\x77\xaf\x47\xa3\xd1\x00\xa3\x6e\xe0\x07\xbe\xf1\x22\x3c\xd0\xe6\xf7\x55\x4c\x38\x71\xc1\x68\x71\xed\xf5\x34\x48\x84\xb6\xab\xd1\x10\xfc\xd4\xe3\xbf\x09\xc5\xf8\x2e\x78\x5a\x26\xee\x26\x48\x1b\xe4\xa9\xb1\x04\xc4\x80\xac\x7e\x77\xd2\x2c\x09\x77\x41\x7a\x58\x26\xe4\x24\x69\x41\x6c\x2e\xdc\x23\x1a\x97\x38\x66\x31\x9a\x4b\x4e\x94\x42\x1d\xf1\xef\x8a\xfe\x77\xc4\xdd\x15\x18\x0f\xd2\x41\x34\x4c\x1b\x56\xdf\xfe\x65\x5b\xeb\xa9\x3a\x33\x65\x3c\x96\x68\x3d\x12\x65\x42\x16\xf4\xd3\xad\x0c\xc6\x55\xdd\xf9\x13\xa0\xf4\xce\xaa\x92\xb0\xdc\xa0\x70\xe3\x2c\xb3\x03\x6b\x38\xba\xa4\x79\x1d\xe9\xac\x96\xf2\xe2\x64\x5d\x48\xc4\xaa\xd3\x86\x35\xba\x13\x66\x8d\x35\x6b\xae\x65\x5a\x73\x54\xbe\x71\x49\xf2\x9d\x22\x95\xa7\x34\x54\xfe\x1a\x07\x09\x05\x7d\xec\x61\xde\x4e\xfe\x44\xdf\x68\xec\x07\x2b\x07\x39\xa3\x36\x6e\x37\x06\xe3\x2f\x1c\xc9\x94\x1a\xbf\xc7\xbd\x2f\x2c\x25\xed\x39\x97\x1a\x0e\xed\x77\xdb\x3c\x3f\x0c\x7c\xfb\xff\x1e\xd1\xff\xed\x29\x46\x9e\x70\xa5\xe3\x8d\x6a\xa2\x51\x4f\x8d\xb1\xaa\x39\xaa\x48\xe6\xaf\xb9\x89\x44\x9e\xa0\x09\xa4\xa8\xcf\xdd\x02\x83\xa8\x9c\x63\x1a\xb2\x31\x10\x4f\x47\x37\xc0\xd0\x86\x5b\x98\x3c\x92\x71\x73\x7a\xa1\x93\x4b\xe8\xe3\xac\x32\x5e\x55\x3e\x00\x31\x04\xff\x1c\x88\xff\x1c\x88\x06\xc5\x9a\xdc\x55\x04\x2c\x2b\x84\x4e\x2f\xfd\x4f\x89\xfb\xa7\xc4\x55\x49\x5c\x75\xd0\xba\x42\xe8\x10\x04\xff\x94\xbb\x7f\xca\x5d\x95\xdc\x55\xae\x5a\x54\x88\x9d\x59\xfe\x9f\x52\xf7\x4f\xa9\x43\xa4\x8e\xc6\xb4\xf5\x33\xd0\x3c\x19\x7b\x8f\x96\xbf\x20\x41\xf3\x1d\xf6\x0f\xcc\x18\xfd\xa7\x83\x3e\xb1\xfe\x2d\x26\x61\xfe\xa3\x0c\x92\xc7\xd2\xe9\x95\x6c\x3c\x27\x5e\xbc\x0d\xbc\x4c\xbf\x61\x52\xce\xeb\x86\x9b\x55\xa7\x88\x51\xeb\x17\x71\x33\x50\x1a\xa9\xe3\x04\xdd\x48\x0f\x81\xab\xbb\x34\xfa\x52\xc5\x24\x41\x2d\x40\x0f\x5c\x6b\xb7\x35\x4a\x05\x48\x1b\x1c\xb3\x30\xaf\x07\xb9\x5f\x55\x5b\x75\x03\xd6\x09\x54\x6c\x01\xee\x60\xb9\x50\x42\x54\x47\x6f\x05\xd3\x57\xf1\x69\xaa\x80\x21\x5b\xf3\x89\x75\x29\xb9\xb6\x62\x2c\xb5\x38\x4c\x33\x7d\xd7\x8a\xb1\x2b\xa5\x58\x9c\x2a\xbf\x2f\x9f\xdd\xf4\xa3\x2d\x65\x9d\x7e\x03\x3e\x72\x13\xfa\x69\x5b\x38\x35\x0a\xea\xbc\x09\x58\x71\xe1\x81\x89\xd3\x7e\x29\x45\xc5\x3e\xcb\x8a\xbd\x9f\xae\x5e\x93\xc3\x5e\xb2\x33\xd8\x5a\x9c\x92\x34\xcb\x34\xf4\x04\x21\x15\x16\x64\x56\x78\xf9\x00\x9f\x51\x4b\xb1\x33\x44\x4b\x67\xdb\x67\xf0\xaa\x78\x21\x4b\xa6\x71\x00\xb4\xee\x7e\x5e\x1a\xa0\x3b\x5a\x58\x25\xbf\xd8\x58\x04\xbf\xd8\x46\x21\x7d\xed\x57\x6c\xf6\x71\xac\x39\xf9\x56\x00\x5b\xfe\xcb\x36\x41\xd2\x85\x54\x1b\x4e\x7b\x87\x56\x90\xf9\x92\x82\x94\xfe\x2a\x91\xc8\x17\x3d\xea\x93\x4c\x78\x7f\x3a\xbd\x15\xa5\x2c\xc4\x1a\x37\x37\xe0\x6b\xfc\x26\x62\x96\x6e\xeb\x63\x9e\x5b\xb2\xd3\xf7\xc4\xad\xbd\x78\x05\x27\xf4\x5a\x45\x81\x9b\x6e\xba\x01\x99\x3b\xbd\x5c\x69\xb1\x93\x65\xab\x56\xb1\x0a\x5a\xab\x4a\x97\x17\x2e\x17\xea\x17\x16\xab\xa2\xb8\xa2\x34\x2d\x5c\x35\x9e\x6c\x1d\x85\x8f\x8b\x72\x56\x95\x96\xa9\x31\x92\xbc\x4b\xf0\xe3\xcc\x1d\x2d\x27\x2e\x79\x9a\x96\x44\x20\xb0\x98\x05\x1c\xbf\x1d\xcd\xa9\xe6\xaf\xb2\x9c\xd6\x47\xd6\x8a\x6d\x16\x31\xcf\x2f\xb3\x8c\x1a\x92\x0a\x20\xf5\x7c\xbd\x95\xe1\x3d\xba\x9c\x6c\x25\xa8\xd8\x9b\x50\x0e\x50\xd5\x30\x45\x86\x2a\x48\x17\x75\xd6\x82\xaa\xc5\x0c\x55\x2d\x97\x2b\x63\xce\x29\x55\x19\x33\x79\x32\xd0\x9f\xb0\x54\x8e\xb0\x98\x94\xb6\x11\x6e\x62\xb6\x20\x38\x59\x94\x4b\x0b\x55\xca\x31\x29\x6d\xed\x6b\x9a\x59\xda\xc3\x52\xf1\x32\x08\x55\x76\x6d\x8c\xf5\x46\xc1\x70\x89\xb8\x9d\x14\x87\x5d\x70\xa5\xdc\xd2\x96\xd4\x12\x59\xb9\xaa\x6a\x90\xea\xa6\x9f\x22\xa9\x9c\x2f\xaa\xa4\x32\x59\x31\x70\x9f\xb6\x7d\x02\xe1\x29\x47\x60\xa3\x1d\xc5\x6f\x47\x73\xb2\xd4\x56\x95\xab\x14\x5c\x8e\xc0\xda\xe3\x22\xbf\xb4\xb7\x55\x24\x15\x40\x4a\x17\xda\x19\xee\x2e\x07\x9e\x67\x27\xd8\x2e\xc7\x2a\x40\x55\xc3\x6a\x49\xb3\x56\x67\x2d\xa8\x5a\xcc\x38\x41\xac\x05\xa7\x14\xb1\xe6\xf2\x64\xa0\x3f\x69\xdb\x0d\xc2\x64\x56\xde\x46\x3c\x86\xdd\x8a\xe4\x64\x91\xae\x28\x56\x29\xd1\xac\xbc\xb5\xdf\x79\x76\x69\x7f\x2b\x28\xca\x61\x94\x9e\xb3\x32\x9a\x6c\x65\x42\xa5\x99\x61\xb1\x0b\xb3\x92\x5f\xd1\xa6\x5a\xa2\xac\x56\x58\x07\xa8\x0e\x1b\x4e\x90\x63\xc1\x23\x45\x8e\xb9\x0c\x59\xfb\xbc\x2a\x26\x87\xfa\xde\xe6\x9b\x94\xca\x59\x46\x72\xd6\x69\x6b\x5c\x86\x3b\xe8\xd5\x0f\x9a\x95\x6e\xfe\xc4\xf6\x00\xb1\x2d\x4b\x7d\x6d\xcb\x52\x4f\xdd\xfe\x63\x05\xe2\x04\xb3\xf8\xaf\xbc\x53\x55\x64\x08\x6e\x99\x81\xc1\x3a\xd7\x58\x57\x1f\x1f\xc4\xce\xf7\x69\x75\xa3\x2f\x6e\xf1\xfb\x6e\xb4\xf9\x1a\x2b\x97\x85\x59\x14\x94\xf5\x6f\x4f\xde\xa2\x35\x31\xf7\x8e\x4a\x68\xf2\x59\xa5\x99\xc6\xce\xb1\x15\xa9\xda\x4f\xa4\x1c\x2f\x86\x53\xbd\x8c\xe3\xac\x38\xb5\x28\x33\xba\x62\x0b\x9c\x7a\xd3\x38\xf2\xf0\x62\xc5\xf9\x49\xe4\xe8\x26\xd0\x73\x23\x0d\x00\x47\x24\x31\x4a\x3d\x7e\x37\x8f\x0c\x62\x6e\x1e\x36\xb0\x18\xea\xb7\x06\x5a\xa3\xcc\xc1\x7c\x6c\x63\x66\x3c\x9c\x6e\x54\x2d\x47\x9d\x0d\x94\xea\xab\xd9\x95\x24\xd5\xc6\x75\x50\x5e\x48\xfa\xa8\xa1\xa0\xd4\x5f\x44\xbb\xcd\xea\xe5\x47\xa5\xab\x5b\x52\x0f\x93\xfe\x8a\xdc\xa7\x91\x2e\x65\x88\x5f\x9c\x22\x02\x75\x96\x10\x4a\x6f\x6a\xd6\xaa\x7e\x41\x55\x7c\xd7\xa7\x6c\x24\x2e\xd4\x61\x8c\x01\x5b\x3a\x24\x63\xfb\xe7\x79\x2e\xf2\xab\x93\x04\xe9\x2e\xde\xa6\xf4\x1c\x14\x4d\xb1\x8e\x36\x14\x77\x83\x1f\x54\x50\xb1\xe2\xa9\x66\x5d\x0d\xed\x98\x43\xe9\x3b\x69\x47\x1b\x32\xf5\xb5\x69\x9a\x8b\x8e\x3b\x23\xa7\xc6\x11\xf4\xd2\x81\x73\x22\x21\x37\x19\x31\x85\x6a\x4a\x62\xa7\xf4\x14\xc4\x44\xe0\x6a\x23\xfe\x08\x9a\x4e\xaa\xf5\xbf\x1b\x7b\x1b\x99\xff\x69\xb8\x5d\x59\xcf\xfa\x1f\xd2\xab\x9f\xac\x3d\x95\xf5\x94\xb4\xe7\xd3\xf5\xc0\xa7\xe3\xf1\xa7\xe3\xe2\xc7\xf0\xa9\x44\xfc\x7f\x57\x11\x47\xec\xf4\xef\x21\xe1\x9f\xa2\x9a\x1a\x5d\xf3\x0f\xa9\xc6\xde\x9a\x4f\xc6\xfd\x4f\xc6\xdf\x4f\xc6\xc1\x8f\xe0\x51\xd9\x0d\x2a\x76\xd9\x96\xae\x61\xe1\x14\x58\x49\xb3\x79\x88\x2f\xf5\x08\x4f\xa2\x85\x77\x8f\x9c\x90\xd4\x92\xc3\x72\xa4\xc4\x7b\xab\x89\xf4\xa5\xc4\xd4\xaf\xef\xbf\x1f\x5b\x6b\x5b\xb3\x8f\xaa\xa3\xa6\x65\xfe\x88\x9e\xfc\x44\xed\xa8\xa8\xa3\xcc\xfa\x7d\x1a\x96\x7f\x22\xae\x7e\x22\xc6\xbd\x98\x37\x87\xff\x1a\x49\xfe\x78\x75\x51\xc9\xf2\xdf\x59\x23\x7d\x9a\x56\x54\x76\xd5\xc7\xab\xc0\x52\x1b\xf7\x49\x38\xfa\x69\x98\xf6\x52\xbe\x54\xa8\x6a\x6d\x7e\x4e\x1a\x79\xa1\xcd\xf4\x8d\x1c\xa9\xff\x54\x1a\x2f\x24\x58\x6b\x97\xcb\x40\x07\x6b\xa0\x50\x1d\x5a\x75\x7c\x27\xe7\xd4\x12\x6b\x25\x0c\xa6\x8d\x65\x96\x15\xd8\x25\x57\x07\x3c\x88\x67\xbf\x2c\x88\x18\x41\x40\xc4\x4d\xa9\x86\x47\xc0\xcb\x8c\x4e\x01\x4e\x44\xe2\x04\xec\x39\x78\x3d\xec\xc4\xbf\x3b\x01\x7b\x0e\x5e\xcf\x60\xbe\x90\x57\xb5\x10\xbc\x94\x82\x5a\xfc\xac\x85\xe0\xa5\x14\xd4\xe2\x79\x2d\x04\xa8\x49\x13\x8f\xf9\x55\x4b\xab\x55\x8f\xa3\xec\xae\x01\x2d\xf1\xf6\x14\xe8\x5a\xb8\x25\xae\x9d\x02\x5d\xcb\x20\xbe\x8c\x4b\x35\xc5\xf4\x45\xe5\xeb\x70\xb2\xa6\x90\xbe\xa8\x7c\x1d\x6e\xd7\x14\x51\xd3\x64\x89\x27\xe5\x2a\x84\x4e\x55\xf2\x95\x32\xaa\x4d\x5c\xab\x44\xa3\x2e\x76\x14\x5c\xc7\x5e\x43\x14\xca\xeb\x3b\x19\xc1\x29\x14\xd4\x6a\xf1\xc9\x08\xd6\xfa\x2a\x4d\x65\x7f\xca\x8e\x4d\x75\x77\xca\xd0\xf6\xde\xe4\x82\x5e\x13\x37\x06\xfd\x92\xbe\x2c\xab\xed\xd4\xf2\xa7\xd4\x5f\xa7\xb5\xa7\x96\xaf\xea\xc7\x02\x9f\xe5\xa8\x4b\xb1\xc0\x85\xad\xcb\xb2\x53\x41\x52\x7e\x83\xfd\xb0\x9d\x9b\x51\xaf\x24\xd7\x4b\x5d\xa8\x85\xf3\xdb\xa1\x4c\xc8\x7c\x1f\x01\xde\x3a\x14\xb6\x6c\x51\xd0\x39\xa9\xdc\x09\xae\xb0\x8a\xd1\x58\xcc\xb3\x50\xcc\xe0\xf4\x8a\x1b\x48\xc5\xc6\x76\x09\xb9\xee\xfc\x4a\x55\xf5\x1a\x2a\x03\x40\x5b\x3d\x2d\x7d\x89\x4e\xdb\x2c\x50\x17\x67\x4d\x26\xd6\xc6\xd7\x50\x2f\x69\x14\x44\xe1\x4f\x0a\xa1\x88\x70\x1e\x63\x74\xf1\x49\x98\x49\x5a\x7e\x7d\x2c\x7a\xfc\x43\x81\xb1\xb0\xf8\x05\xa7\x4a\xca\xd0\x9e\xc8\xe5\x3a\x28\x1b\xa7\xdc\x86\x89\x22\x7a\x29\xa3\x55\xea\xf2\x2b\x44\xd0\x2b\xd5\x14\x18\x9b\x38\xbf\xe8\xb2\xb6\x32\xcc\xa7\x0a\x75\x0d\x94\x1a\xbb\x05\x69\x96\xbd\xee\x16\x5c\x2f\x16\x6d\x85\x40\x76\x7f\x06\x7a\x4b\x5c\x01\x60\xe3\xf5\x8b\x2e\x9f\xb3\xa2\x3d\x91\xd1\x95\xf8\x74\x2e\x73\xa2\x2c\xfb\xb4\x31\x44\x2f\x65\xb1\x4a\x5a\x7e\x5b\x04\x7a\xe5\x9d\x02\x63\x61\xf4\xcb\x2e\xd3\x2b\xc3\x7c\x22\xaf\xeb\xa0\xd4\x95\x35\x27\xcd\xb2\x7f\xd8\x82\xeb\xa5\x1c\x57\x09\x14\x17\x25\xa0\xb7\xf8\xc9\x20\x16\x7e\xbf\xec\x7a\xc0\x12\xc4\x27\xb2\xbb\x06\x46\x9d\xdb\x9c\x30\xcb\x2e\x57\x1c\xd5\x4b\x99\x2d\xc8\x0b\x36\x8b\xc0\x97\x9d\xcb\xaa\x83\xe2\x7c\xcf\x6b\x71\x17\x74\x4f\xbf\xba\xcf\x44\xda\x30\x52\xf8\x36\x40\x03\x90\x26\x20\xe9\x21\xbd\x9f\x10\xc9\x60\x37\x11\x20\x19\xe4\x31\xbb\xb8\x68\x8d\xbb\x00\xaf\x6b\x9f\xb1\x2b\x44\x89\x97\x2b\xf6\xf1\xb2\x23\xf4\xd2\xe1\x64\xf9\x42\xbf\xc2\xb3\x36\x1a\xd0\x9f\x2c\x9e\xae\x0f\xda\xd5\xc1\xe3\x49\x77\x30\xfe\x02\x81\x1e\x2d\x9e\x86\x3a\xf0\x25\x81\x7c\x0c\x22\x70\xa3\xc3\xad\x72\x4f\x60\xbe\x15\xf4\xda\x72\x73\x6c\xb9\xaf\x27\x3b\x99\xc1\x90\xfc\x39\xfd\xd2\xc4\x8a\x7d\xc5\x15\xa0\xac\x5d\x0d\x2a\x31\xef\xf7\x20\xa1\xa6\x67\xab\x0e\x40\xed\x5e\x42\x56\xbe\x13\x15\xdb\x8f\x07\xd2\xa1\x7d\xf9\x7e\x68\x0a\x97\x6e\x94\xab\x78\x55\x30\x1a\x85\x67\x17\xca\x4a\x97\x7d\x97\xdd\x71\x6d\xbd\xd6\xbd\xd7\xe3\xef\x87\x28\xbb\xab\x7b\x0d\xea\x1d\x2e\xc3\x08\x46\xe2\xd4\x8d\x76\x6b\xb7\x15\xef\x5c\x2f\xcc\x9e\xe6\x83\x5e\x7b\xc6\xbf\xa7\xdd\x01\xa7\x43\x9c\x6b\x66\x3f\x94\x6d\xee\x79\x0d\xe5\xb7\xa5\xe3\x95\x8d\xe5\xca\xf2\x73\xf8\xac\xe9\xf9\x45\x76\xbb\x5d\xe0\x26\xee\xd6\xe3\x4f\xaa\x15\xa3\x58\xab\xa1\x90\x31\x72\x91\xa7\x34\x12\x36\xb1\xef\x46\x1d\xf2\x54\x9f\x7e\xb5\x08\xcf\x2b\x06\xdd\x32\xfc\x10\xf8\x7c\xc4\xf1\x68\x93\x31\xf2\xc4\xf9\xed\x7e\x6f\xdc\x9b\xc9\x57\xd8\x1b\x37\x82\x8a\x26\x88\xf4\x4e\xea\x25\xa0\xef\x08\xf5\x59\xbc\xf7\xd6\xb3\x78\x9f\x91\x6e\xcb\x89\xec\x2e\x5d\x1f\x74\x0f\x23\xd8\x0f\xdd\x28\x5e\x1d\x90\x0b\x2f\x95\x24\xf2\xba\x68\xa3\x3b\xe4\x57\x51\x9b\xd7\x59\x8b\x5f\x26\x9c\x04\x64\xc3\xa4\x57\xc4\x00\x41\xcd\x06\x20\xfb\x1d\xd0\x1c\xed\x59\x67\x93\x96\xe7\xc7\xa5\xd9\x25\x79\x82\x29\xe1\xb6\x8c\x25\x46\xd9\x5e\x19\x4d\xbd\x12\x82\x7a\x36\x6a\x7a\x6d\x59\x88\x38\x31\xb9\x2c\x75\x3e\x88\xfe\xce\x53\x9e\xd8\x6d\xde\x2a\xd5\xa6\x9d\x62\x3a\x5c\xba\x09\x5c\x5c\x12\x43\x8b\xf1\xa7\xfb\x90\x72\xf8\x01\x0d\xe4\xa6\x49\x2f\x0a\x77\xd3\x42\x89\xab\x7a\xd8\xc8\x33\x54\xf1\xf5\xf5\xb5\x99\x2a\x2b\xbe\x41\xdb\xd4\x70\x85\x50\xe3\x67\x40\xc8\x2b\x15\xd7\x9a\x02\xd6\x8f\x80\xe0\x30\x82\x31\xa4\x11\xe4\x74\xc5\x4b\x87\xed\xa8\x87\xbd\x36\xda\xeb\xe9\xf8\xe9\x68\x3c\xa0\x8a\x4b\xd2\x5b\x66\xb1\x70\x8b\x17\xd2\xb4\x1d\x2f\xc6\xdf\xc4\x95\x2c\x6a\x7f\xd2\x1d\x0d\x65\xa3\x5a\x76\x86\xe5\x33\xfa\xea\x8c\x86\x4d\xdc\x47\x2e\x45\xbb\xc8\x25\xe4\x02\x48\x3e\x75\x62\x9c\x0c\x12\xb7\xef\xe7\xcd\xa2\xe7\x6d\x0c\x19\x54\x4f\xe0\x30\x50\xfd\x5c\x08\xa1\x5b\xba\x39\x85\x99\x31\x3c\xac\xa5\xb6\x82\x21\xa2\x0f\x73\x5e\x90\xbf\x8c\x98\x9f\x7c\x71\xbe\x41\x40\xa3\x78\x23\xc4\x44\x91\x3f\x0c\x89\x95\xa1\xe6\xff\xa2\xf8\x54\x5f\x66\x14\x25\x98\x16\x27\x77\xa3\x6d\x40\x53\xee\x93\xc0\xe2\xb4\x75\x60\xfc\x10\xeb\xce\x86\xf9\x98\xf8\x41\x9c\xcb\x63\xe5\xfe\x68\x86\xaf\x78\x70\xd9\x78\x09\x42\x51\x23\x2c\x6b\xd2\x2b\x6e\xa5\xa6\x2f\x6e\x34\x64\x8d\x23\x54\x07\x3a\x00\xc7\xfc\xb4\x4e\xe9\x08\xb4\x00\xe5\x2c\x10\xb7\xe3\x0c\xe9\x05\x5c\x08\xed\xd7\xd7\x03\x89\xf6\x48\xd0\x7d\xcd\xe0\xbb\x59\x1c\x47\x59\xb8\x43\x38\x57\x8c\xd3\xcb\x9e\xe6\xc9\x53\x97\x67\xe9\x6e\xc2\xe8\x69\xda\xfc\x3e\x88\x1e\x02\x72\x9f\x55\xe3\x4f\xc1\x3e\x68\x3a\xf9\x6f\xe7\x9b\x04\x38\xe5\xa4\xa0\xbf\x3b\x69\x90\x84\x4b\xf4\x41\x1c\x71\x51\x55\xb2\x71\x23\xc5\x97\x1a\xe9\xbe\x54\xf1\x1e\x85\x76\x0b\x90\xfc\x3b\xcd\xdc\x24\xc3\x1d\x21\xd9\xff\x2a\x12\x0a\x4b\x43\xd3\xa2\x20\x03\x29\xa4\x4f\xed\x90\xa1\xc3\xe9\x7a\x84\xb1\xd2\x21\x0f\xb6\xbe\x53\x52\x30\x28\xf2\x38\x4f\x9e\xa0\x3c\xdb\xc3\x5a\x58\xa5\xc5\x58\x9b\x59\x5d\x4c\x94\x78\x17\x59\xd5\xd9\xb5\xac\xce\xae\x0b\xf8\x2c\xde\x29\xef\xff\xe5\xa3\x95\x8e\x09\xea\xdc\x0a\x50\xe5\x5e\x35\xfe\x78\xad\xf1\x18\x8d\x00\xe6\xb7\x98\x59\x51\x2b\xc0\xf2\x05\x6c\x08\x62\x85\x0c\x10\x38\xf5\x8d\x96\x41\x4f\x7f\x56\xe9\xea\xf4\xbb\xd0\x89\x63\x8c\x2c\x4d\x88\x3a\xdd\x24\x89\x1f\x11\xf1\xd7\x6e\x69\xef\xa9\xb3\x0e\xe4\xc4\x22\x13\x64\xaa\x46\x95\x3e\x68\x68\x55\xa9\xf6\x70\x0c\x73\x45\x85\x21\x92\x8d\xe1\xfa\x8a\xbd\x98\xd4\x50\xce\x27\xc9\xc6\x52\xaa\x8b\xe2\xd0\x2b\xcc\x9f\x1d\x9a\xe9\x6a\x5b\xdc\xd0\xf6\x71\x75\x52\xfc\x15\xad\x34\x6f\x85\x7b\x79\x9d\x68\x7d\x74\x21\x09\x78\xa9\x5e\x6c\x47\x25\xdd\x5a\x93\x52\x1b\xdb\x7f\x85\xd5\x87\xf1\x54\x54\x27\x9c\x9c\xca\xfa\x7a\xa2\xc6\x99\xb4\xcb\x03\xad\x8e\x31\x08\xab\xb0\xb6\xc8\x18\x95\xa9\x11\x1c\xa4\x3a\x54\x70\x64\x3f\x4e\xea\x41\xbc\x91\x2f\xa8\xd3\xda\x91\xa6\xd4\xbc\xbc\xce\x5d\xbc\xa3\xd3\x64\x5b\x3c\xc7\xf0\x4a\x27\xda\x64\x52\x52\x47\x97\x13\xd9\x1b\x14\x16\xec\xe3\x0c\xe1\xe8\xff\xa7\x86\xf0\x1f\x35\x77\x22\x8f\xaf\x9f\x3e\x77\xb2\x3b\x6c\x3d\xcd\x17\x1b\x60\x0e\x1b\x02\x64\x98\x75\x2e\x98\xd4\x4c\xcb\x52\xce\xa6\x9e\x22\x97\x59\x66\x79\xb8\xab\xf9\xdc\x18\xcb\xb7\xbd\x2a\xf9\xd4\xfe\xaa\x2e\xb7\x9c\xcf\xa7\x20\xca\x93\xfa\xc5\xdb\x60\xea\xa9\x77\xcb\x3b\xb4\x97\xe4\x4f\xc9\xb4\x68\x41\xfe\x68\x2c\xce\xb5\x6f\xa3\x18\xa1\xc5\x3c\xbb\x08\xc8\x51\x62\x72\x88\x9b\x2e\x55\x11\x8e\xf6\x7b\xea\x2e\x33\x74\x80\xab\x4e\xeb\xc7\x19\x74\xb5\x4a\xed\x48\x79\xdf\x24\x92\x13\x95\x3f\xfb\xdf\x54\x35\x97\xda\x49\xd0\x6d\x05\x62\x7e\x69\x2a\x7d\x32\x1f\x55\xf7\x34\xcb\xb4\x91\x45\x90\x40\x4a\x55\x84\x70\xdc\xd6\xf4\x64\x71\xcc\xd8\x20\x84\xd3\x5f\xf4\xe7\xcc\x10\xa2\x59\xde\xb8\x46\x13\xa1\x47\x7a\x15\xdc\x56\x1d\x15\x6e\xd1\x72\xc5\x82\xb3\x46\x2a\xc3\x42\x6a\xb5\x62\xab\xa5\x76\xcb\xe9\x96\x96\x53\xb3\x5b\x4a\x88\xda\x72\xd6\x52\x36\xf0\xf0\x26\x2b\xc4\x48\x8d\xc6\x6b\x62\x68\xe5\x36\x9f\xd2\xd5\x42\x86\x51\x73\x27\x31\x42\xc9\xd0\x38\x61\xa1\x85\x37\x9b\x87\x03\xea\xf7\x76\x29\x49\x6c\xc7\x80\xa4\x8a\xf4\xce\xe6\xaf\xb1\xd5\xe8\x6d\xad\x1e\xd9\x7d\x92\x1a\x2e\x25\x5b\x9b\x2d\xd1\xc1\x1b\xcd\x8f\xa7\x17\x1e\xb2\xb5\xc5\x95\xb4\xd0\x16\x7b\x2e\xa8\xc8\x14\x7b\x12\xb9\xc8\xe3\x93\x1d\x5b\x30\x92\x2e\x22\x19\x51\x72\xb5\xf0\x4d\x97\x5e\x6f\x61\x5f\x77\xa3\x86\x1c\x89\x5b\x8b\xb7\x96\xf8\x83\x89\x0d\xea\x3b\xa8\xd1\x6a\x14\xa4\x22\x1f\xa7\xef\x86\xbf\xc1\x88\xe6\x91\xe7\x18\x15\xdf\x46\x44\x30\xdc\x28\x62\xef\x71\xe6\x6e\x49\x67\xe8\xb7\x9d\x96\x11\x72\x26\xc9\x07\x9c\x31\xf5\x22\xf6\x93\xb2\x37\x28\xd5\xa0\xfd\xc4\xfa\x12\x65\x09\x3e\xc9\xa3\x59\x82\xff\xd3\x79\x08\xd3\x70\x11\x46\x64\xb6\x2e\x3d\x58\x66\xc9\x12\xa5\x77\x41\x92\xee\x02\x76\xbb\x51\xbf\xc7\xa6\xc5\x46\x12\xce\x7f\x7e\x29\x52\x97\x5f\xa7\x8e\x82\x90\x97\xdb\x0f\xdc\x13\x2e\x09\xea\x0f\xfd\x16\x91\x4b\xc7\x16\xa2\x97\xf3\xcb\x89\x61\x97\xad\xa3\x10\xe4\x51\xf8\x7a\xb4\x74\xaa\x88\xe9\xd4\xa3\xa6\x84\x29\x55\x84\x72\xff\xac\x16\xb9\xbd\x32\x52\x59\xe6\xd1\xa4\xd3\x46\xe2\x96\xde\x05\xab\xa7\x52\xe6\x69\x17\xef\xe3\x18\x0f\x22\x96\x7a\x02\x62\xdb\x1c\x4a\x7a\x51\x17\x45\x77\xe0\x8e\x2b\x96\x5f\x74\x77\xc7\x8e\xc0\xd2\x0d\x46\x0f\xd8\x1a\xcb\xdc\xe0\xb2\x5a\xe4\x41\x82\x92\x4b\x8c\x41\x12\x47\xa7\xee\x0b\x18\xcb\x6f\xfb\x55\x3f\xe5\x67\xae\x11\xeb\x2f\x0b\x4e\xda\xb5\x96\x70\x0d\xc2\x19\x0b\x6a\xbf\x1e\x42\x19\xae\xc6\x9c\x1b\x3d\x25\x01\x54\x4e\xbf\xdd\x20\x5c\xaa\xf7\xb4\xc7\xc7\x62\xe4\x84\x16\xf8\x28\x7e\x87\x06\x2e\xa0\x0b\x1c\x16\x4d\x20\x5f\xe4\xd5\xc9\x96\x5a\x53\xdb\xc9\xe2\x96\x51\x57\xbb\xc6\xfb\x1e\x59\xdc\x60\x9a\xb3\x36\xe9\xbc\x7b\xc8\xe3\x2d\xa1\x3f\xfd\xf6\x6f\x3f\x10\xbc\xbf\x88\x51\xdf\xfd\x29\xf4\x92\x38\x8d\x97\x59\x37\xaf\x83\xce\xd5\x5f\x13\xb9\x48\xb3\x64\xfe\xe5\x67\x57\x3d\xf6\xbf\x2f\x9d\x46\xb0\xf5\xa5\x8c\x5e\x91\xf1\xef\xbc\xf0\x2f\x4f\xbb\x60\xde\x57\x1a\x92\x04\xbb\x80\xec\x56\xa0\xff\x74\x3e\x20\xb2\xc0\xc4\x5c\x04\xaf\xf2\x67\x8f\xed\x5c\xaf\xec\x4c\xc6\x80\x9e\xce\xa5\x8f\x10\x8f\x13\x31\x7e\x84\x78\x30\x59\xd0\x25\x64\xfc\x72\xf1\x28\x25\xfd\xe3\xc5\xa3\x67\x13\x8f\xab\x4f\x23\x1e\xf9\x2e\x13\x3d\xbd\xde\xf3\xfc\xf6\x45\x8a\x7c\x41\x5a\x5e\xae\xd0\x6b\x69\x74\x57\xd1\xd3\x6e\x1d\xc2\xcf\x8e\xb7\x0e\x1e\x92\x78\xdb\xd1\xd4\x7f\x09\xa4\xee\xe5\xe4\xa0\x14\x4a\xb3\x6d\x6a\x66\x89\x89\x23\x53\x15\x11\x21\x1c\xe7\xee\x75\xb8\x65\x41\x1d\x1a\x5e\x30\x43\x38\x1f\xd3\xb0\x82\x20\xcb\xc4\xb0\x76\x0d\xd5\x0c\x11\x0b\x04\x45\x1d\x62\x56\x66\xa9\xa4\x26\x2b\xc5\x1a\x4e\xb1\xdc\x4a\xbf\xe5\x98\x29\x8b\x86\xaa\x13\x80\x32\x9c\xd3\x45\x00\x83\x24\xc8\xc3\x2a\x5f\xbe\x19\xf4\x86\xd7\x5f\x96\x12\x89\x96\x71\xbf\x54\x5c\x00\x3f\xf4\xdc\x0c\x46\x11\xd2\xfd\x22\x02\xd2\x93\x27\xe9\x79\xb4\x78\x3c\x13\xcb\xc0\x5f\xcc\xf0\xb7\x75\xf8\x32\x97\xfa\x76\x09\xb7\xf6\xf4\x70\x8a\xfc\x52\x0f\x42\x52\x23\x0a\x0f\xa8\xc0\x15\x81\xa4\x62\xe3\x61\x11\xb9\xeb\x8b\x25\x7f\x42\x28\xb4\xba\xc3\x96\xc0\xad\x5b\xb5\xa4\x98\xf9\x9b\x6b\x33\x5d\xd2\x64\xbd\x36\x12\x65\x95\xe2\x1e\x3c\xc4\xd7\xd7\x27\x24\x79\x83\x84\x03\xca\x1b\x30\x90\x1a\x30\x90\x43\x8f\x96\x03\x08\x45\x57\x8b\x4b\xe6\x8c\x3e\x13\xd7\xcd\x7d\x31\x93\xf7\x3e\xf2\x1b\xe7\xa4\xde\xcb\xb7\xa2\xd2\x61\x2b\x6f\xa0\x54\x36\x4d\x7e\xb4\xc7\x66\x12\x4d\xb7\x39\x1c\xf4\x40\xbc\x98\xfc\xa6\x5e\x12\x04\x5b\x36\xff\x35\x77\x21\xfc\xf7\x52\x98\x62\xfb\x41\xd1\x8b\xc3\x9e\x1e\xcc\x19\xe7\x6b\x1c\xc4\x0b\x1e\x7e\x42\xed\xa8\x2a\xc5\xf1\x27\x54\x8a\x9a\x2a\xd4\x50\x73\xd1\x4b\xb8\x5a\xe3\x51\xcb\x81\xa4\x05\xb8\x00\x0d\x6d\xc3\xe0\x20\x1f\xaf\x3b\x16\x3b\x65\x3a\xe2\x75\xb0\x9b\x22\x8d\x85\xa9\x9c\x0a\x20\xa6\xe7\x18\x14\x59\x53\x5b\xb8\x89\x5c\x50\x24\x09\x30\x2f\x02\x47\x66\x19\x7e\x10\x30\xf9\xef\x1c\x00\x98\xe2\x82\xbe\x49\x3a\xcb\x68\x0f\xae\x8a\x80\xd3\x92\x0d\x70\x03\x30\x07\xf1\xa3\xce\x3a\x4e\xc2\xdf\x48\x46\xd4\xf0\x73\x94\x46\xba\x28\x40\x03\x3c\x52\x16\x4b\x50\x78\x52\x06\x22\xd0\xc8\x1b\x8c\x44\x39\x25\x4d\x00\x6e\xdd\x07\x91\x4f\x3e\xa5\x64\xb2\xcb\x48\xec\x91\x97\x40\x94\x64\x0d\x9c\x6d\x01\xd3\x80\x79\xa2\x0a\xaa\xc2\xe4\x99\x3b\x77\x55\x94\x67\x3f\x8a\x2c\xb1\x49\xbf\xc8\xcf\x53\x04\x50\x1e\xe0\x64\x9f\xdc\x0e\x2a\xaf\xda\xc9\x31\xce\x13\x84\x50\x13\x2f\x43\x94\x2a\x24\xc7\xda\xef\x35\xfa\x14\xeb\x3e\xa9\xcb\x2c\x5d\x83\x76\x82\xca\x75\x85\xcf\x26\x53\x25\x46\xf2\xa5\x1d\xd2\x68\xf2\x78\xdf\x1a\xc6\x37\xb5\x05\x7c\xaf\x9a\xba\xec\xa4\xe8\x11\x69\x8b\x69\x27\x9f\x75\x1d\xe5\xb7\x0d\xa5\x8d\xe6\x67\xe1\x66\x17\x27\x99\xbb\xcd\x8e\xd2\x63\x86\x0c\x80\x7c\xca\xf9\xeb\xd0\x2f\x7a\x96\x98\x12\x39\x33\x5d\xc7\x8f\x2a\x55\x72\x6e\xb8\xa5\x61\x47\xf2\x76\xa1\x1e\x7e\x3c\x76\xa9\x85\xa2\xc8\x89\xfe\x9e\xf6\x5e\xf5\x1a\xee\xcc\x5c\x31\x33\x56\x94\x0d\xdb\x6d\xae\xaf\x91\x68\x0d\xab\xc6\x4a\xb8\xbb\x04\xa1\xd2\x76\x97\x1e\xff\x8d\x6c\x2a\x7e\x08\x83\x47\x02\xc6\xcd\x8f\x1f\x3c\x84\x5e\xc0\xec\xe4\xb1\xcb\xdb\xd3\x89\x56\x4e\xfe\xbd\xf1\x8b\xef\x74\x53\x7c\x7f\x48\xad\xb5\x17\x68\x58\xc7\x3a\x72\x0a\x73\xc5\x90\x24\x1d\x76\xe3\x23\x29\x7a\xe9\x3c\x49\x87\x4d\x37\x48\x8a\x5e\x3a\x4f\xd2\x61\x3f\xa4\x48\x8a\x5e\x3a\x4f\xd2\xc4\x57\x63\x47\xbe\xb3\x30\xdf\x0e\x71\x39\xb9\xa4\xfe\x08\xc2\x4a\x5d\xc8\xa8\xae\xc1\x00\x69\x86\x0c\x98\x58\xa1\x3a\x30\xf4\x64\x48\x5f\x82\x74\xb2\xb5\xbd\x1c\x79\xb8\x53\x2a\x58\xab\x25\xd8\x50\x3e\x19\x07\x63\xab\xe6\xbd\xbf\x10\x8b\x46\x90\x9c\x88\x62\xd4\xbc\x46\xee\x4b\xe6\xf5\x5c\x5f\xf7\x95\x7a\xd2\x4d\xcd\xbe\x93\x00\x4b\xfa\x4e\x87\xb2\xf7\x1d\x8c\x45\xa9\xef\x8c\x72\xd6\xbe\x3b\xb9\x7d\xb5\x7b\xf4\x74\xcc\xf5\xfb\xf9\xa5\xb8\x5f\xdc\xfb\x6c\xf7\xaf\x5e\x4f\xbf\x4f\x26\x83\x52\x45\x1b\xbf\x66\xf7\x4b\x80\x25\xdd\xaf\x43\xd9\xbb\x1f\xd4\xb2\xd4\xfd\x46\xb9\xea\xee\xaf\xdd\xc0\xd3\xfb\xbf\x3e\xea\x17\x08\xc0\xa9\xc8\x5f\x2c\x01\x7d\xba\x89\x56\x42\x19\xad\x6a\xf6\xb5\x04\x58\xd2\xd7\x3a\x94\xbd\xaf\xc1\x1c\x4b\x7d\x6d\x94\xab\xee\x6b\xa4\x29\xa7\xf7\x2a\x86\xe4\x05\xfd\x67\x47\x73\x6a\x4f\x19\xba\x9f\x39\x45\x25\x9e\xc9\xc9\xfa\x84\x63\x94\xb4\x6b\x35\xc6\x0a\x01\xe5\x28\xa5\x11\x5b\x8d\x32\xe7\x19\x2f\x2c\x89\x80\x5e\x38\x67\xeb\x2e\x09\xb7\x59\x85\x4f\xc2\x60\x2c\x45\xca\x65\x5c\x85\x2d\x11\x73\x04\xd0\x2e\xe9\x14\x58\x16\x76\xac\xb4\x2e\xef\x2a\x70\x2d\x67\x0c\x6b\x78\xd5\x88\xd0\xa0\x35\xd1\x3f\xa1\x9e\xca\x41\x83\xc2\xbf\xbc\x5d\x2f\x19\x5d\x1c\x11\x97\xb7\x52\x59\x3a\xfe\xeb\xbf\x34\x1a\x5f\xbf\xa2\xd1\xd8\x9b\x7f\xfd\x97\xaf\x5f\xd1\x3b\xb3\xfe\xf5\x5f\xe0\x93\x5e\xfa\x44\xbe\x00\xc0\x0f\x1f\x1a\x5e\xe4\xa6\xe9\xbc\xa9\xcd\x72\x9b\x37\x04\x40\x05\x21\x93\x49\x3e\xdb\x14\xd9\x00\xb0\xee\xe7\xdf\x8d\xc6\xf7\x4f\xbb\x20\x01\xf0\x30\x69\x24\x01\x21\x26\xcd\xe1\x5e\x49\x80\x5f\xaf\x07\x52\x21\xba\x66\x34\x6d\x1c\x0e\x5d\xfa\xf5\x27\x77\x13\xb0\x06\xf0\x72\x02\xf6\xeb\x57\x40\x0c\xff\x2e\xa8\xbb\x81\x72\xaf\x61\x6e\x96\x7d\x13\x45\xff\xb9\x8f\xa0\x05\x2e\x9d\xf6\x85\x41\x7a\x3c\x8a\x22\x1c\x9c\xca\xaa\x68\x0e\xfd\x21\x35\x24\xe3\x3c\x12\x64\x7d\x9d\x25\xd2\x2f\x0a\x20\x8a\x3e\xec\xa3\xd7\x71\xd4\xbc\x21\xa4\x7e\xfd\x2a\x5b\xeb\x70\x37\x3f\x07\x0f\xe4\x69\xa3\x27\x2c\x53\x20\x09\x17\x14\xc7\x0f\x24\x58\xe7\xef\xbd\xe0\x0f\x28\xf4\xcd\xb7\x41\xea\x25\x21\x8d\xd0\xa1\xf9\x3f\xba\x4f\x41\xa2\xe5\xc0\xcf\x82\x76\x92\x27\xb7\xec\xeb\x8c\x8b\x00\xfb\x79\x38\x24\xe4\x26\x85\x46\xf7\x67\xe8\x2e\x83\x81\x0a\x3b\x04\xe5\xc0\x71\xd1\xc0\xe3\xb1\xa9\x51\xe4\x93\x0e\x61\x7d\x08\x35\xfb\x58\x6e\x51\xd8\x06\x21\x31\xc5\x0e\x24\x71\xc6\x0e\x44\xd9\x63\x64\x2b\x0c\x3a\x1c\x82\xad\x2f\x4b\x9c\xcc\x20\xf8\x45\x2f\x7a\x65\x03\x8a\x49\xd3\xd7\xaf\x38\xc0\xd7\x8c\x80\x9b\x57\x5f\x9d\x35\xde\xfe\xaf\x7d\x90\x3c\x35\x1e\x06\xdd\x7e\x77\xd4\x78\x6e\xb4\xbc\x76\x03\x4c\xc4\xd8\x81\xbf\xfb\x63\x91\xfd\x47\x12\x45\xa0\xcb\x8b\x4e\xe3\x87\xad\xd7\x05\xc0\xb7\xef\x49\x4e\x37\x4e\x56\xaf\x22\x98\xf7\x6f\xd3\xa0\xf1\xd5\x2b\x52\xdd\xd9\x72\xbf\xf5\x08\x68\xcb\x75\x16\xed\x43\x93\xdd\xf1\xd0\x9c\xcf\x33\x18\x65\xf1\xb2\xb1\x01\x0e\x45\xc1\xf9\xb9\x25\xa3\x1b\x7c\xa0\x23\xf0\x56\xfd\x39\x77\xbb\x7e\xec\xed\x37\xc1\x36\xbb\x5d\x00\xe6\xb3\x5e\x7b\x5a\x54\xd4\x3e\x84\xcb\xd6\x59\x01\xd2\xce\xd6\x60\x18\x1a\xdb\xe0\xb1\xf1\x5d\x92\xc4\x49\xab\xc9\x1b\x92\x04\xef\xf7\x61\x12\xa4\x0d\xb7\xf1\x18\x6e\x7d\x80\x79\x0c\x41\xb6\xdd\x86\x28\xd9\x6c\xcf\x92\x20\xdb\x27\xdb\x06\xd4\xd2\x3e\x4e\xe9\xdf\xad\x26\x34\x3f\x58\x82\x9e\xf1\x9b\x67\x82\x5c\x56\xfe\x96\xfd\x33\xcd\xd6\x61\xea\xa8\x2d\x7f\x70\x41\xf4\xe6\x77\xf7\x8e\x3f\xf7\xba\x29\x61\x92\x13\xc0\x17\xa8\x2c\xcf\xcd\x9c\x25\x7c\xee\xf6\xe9\xda\x59\xc1\x07\x5d\x0b\xf9\xf3\xd2\x59\xcf\x0f\x47\x27\x9c\xaf\xbb\x59\xfc\x73\x96\x90\x97\x11\xdf\xc2\x8f\xb5\x9b\xfe\xf9\x71\xfb\x97\x24\x06\x2d\x95\x3d\x39\xef\x08\x50\x24\x31\xc4\xd9\xcc\x9b\xb4\xff\x9a\xce\x76\xae\xd2\xc0\xdb\x42\x18\xb1\xed\x2e\xb7\x50\x51\x98\xd1\x9c\xa3\x13\xcf\x5f\xfd\x7a\xf7\x26\x7d\xb3\xff\xe3\x77\x7f\xfc\xe3\x9b\x0f\xdf\xf4\xee\x2f\x9e\xb5\xdf\x9f\xbf\x5a\x39\x3b\x00\x23\xd1\x9e\x57\xce\xfb\xf9\xab\x4e\xeb\xee\x8d\xef\x76\x7e\xbb\x6f\xbf\x5a\x85\x4e\x82\x57\xb6\x00\xea\xff\x63\x07\xb4\xbe\x76\xd3\xa0\xd5\x3e\xce\x48\xcd\xf3\x6d\x77\x97\xc4\x59\x4c\x98\x37\x3f\x30\xe1\x99\x6e\x1c\x60\x46\x9a\x25\x7b\x2f\x8b\x93\xe9\xd6\x49\x83\x28\xa0\x9f\xcd\xa6\x13\x05\xdb\x15\xd9\xe0\xe9\x64\xf1\x37\x49\x02\xb6\x22\xaf\x2b\xaf\xc8\xef\x7a\x6e\x14\xb5\x08\xeb\xa1\x3d\xab\x20\x53\x24\x42\x34\x7d\x0f\x26\x7e\xee\xde\xf6\x6e\xdc\x5b\x02\x79\xe7\x5e\x90\x7f\xba\x0c\xff\xfd\x94\xa5\xdd\x4f\x55\x64\xa4\x67\x7e\xce\x5c\xef\x9d\x82\x92\xf4\xe8\x02\x5a\xb2\x09\x92\x55\x40\x41\xbb\x52\x03\x5a\x6d\xc7\x2d\xa4\x87\x6e\x8c\xfa\x33\x15\xf1\x39\x15\x8e\x05\x8d\xbd\x06\x1f\xd8\x4f\xf1\xc3\x59\x1c\x9d\xc0\xf5\xd6\x53\xbc\xdf\xba\x24\x8f\xd6\xe4\xb0\x5e\xdb\xb8\x3b\xac\x95\x14\x65\x4e\x74\x0b\x48\x74\x77\x2d\x55\x26\x17\x8e\x97\x83\xbb\xac\xb1\x90\x44\x90\xb6\x01\x2f\x95\x4f\x84\xc7\x1a\x62\xbf\xeb\xee\x76\xd1\x13\xa7\x28\x59\x51\xf9\x4b\x09\x02\x7a\xad\xa5\x0d\x41\xf0\xbe\xd5\x03\x18\x72\x63\x62\x09\x48\xa7\x0f\x30\xc1\x7b\x84\xe5\x52\x8f\x39\xde\xfc\xc2\xbd\x68\x91\xee\x5c\x4c\x7b\x39\xbf\x35\x3a\xbd\x9b\x79\xef\xfc\x7c\x71\xe3\xdd\xde\xd1\x0e\xf6\xee\xef\xa7\x77\xf7\x04\xfd\xd6\xb7\xb6\x32\xef\xb0\xe7\x67\xa3\x6f\x89\x18\x71\xb9\x98\x2e\x9d\x14\x54\xd2\x14\x06\x35\xfc\xe3\x80\x27\x43\x58\x07\xbf\xe8\xc7\xd1\x81\x4e\xfb\x90\x41\x3d\x73\x3a\xe2\xf8\xb7\x54\x27\x69\x12\x74\x26\xf0\xde\x77\x02\x67\x09\x0a\x20\x67\xe4\x5d\xef\xfe\xf9\x19\x46\xf7\x7a\xde\x07\x35\x90\x27\x8b\xa6\xbf\x9d\x9f\xf5\x67\x4b\xa2\xce\x16\x71\x1c\x05\xee\xb6\x50\x9e\xab\xf3\xf3\xd6\xdb\xf9\x4a\x41\xb6\xe6\xc8\x2e\x2e\xda\x8e\xa1\x6d\x57\xcf\xcf\xa0\x0e\xd2\x3f\x0a\xba\x56\xed\xe7\xe7\xd6\x0a\x54\x4b\x1b\x6a\x9f\xcf\x43\xc0\xb7\x62\x82\xbb\xee\x74\xda\xb3\xf0\x66\x3d\x23\x88\x40\xcf\xb2\x11\xd5\x72\x95\x9a\xda\x6d\x42\xd7\xa2\x11\x82\x70\xb5\xbd\xf9\xea\x6e\x41\xf4\x9e\x4b\xfe\x59\x9d\xcd\xe7\x3e\x21\xef\xfc\x9c\xfc\x43\x6a\xfd\x0b\xf8\x5a\x5b\xc6\xeb\x96\x4f\x2a\x0e\xe6\x24\x99\x0e\x74\x48\x68\xb7\x6f\x5b\x01\xfc\x1f\x9a\x4b\xf4\xe4\xf9\x79\x91\xe9\xb5\x6f\x3d\xd2\x93\xd3\x3c\x5d\xc6\x45\x73\xa1\xc9\xa4\xfa\xb9\xe0\x7d\xeb\x2d\x30\x19\x90\x4e\x1f\xe2\xd0\x6f\xf4\x38\x35\x14\x04\x52\x85\x00\xad\x8a\x8e\x6b\x1d\xc0\xe8\xc0\xa4\x2b\x9e\x72\xb3\xd1\xbc\x68\x6d\x2e\x7e\x72\x61\x32\x91\x90\xe4\x4d\xab\xdd\xee\x82\xa3\x18\xb9\x5e\xd0\x7a\xf5\xe6\x5b\xd0\x92\xcd\x66\xdb\x09\xd3\xbf\x82\xc3\xf2\x34\x3d\xeb\x39\x01\x31\x3a\x8a\x1c\xeb\x06\x09\xac\x8a\xb3\x8d\xe3\x9d\x2c\x8c\xa0\xfa\xf3\xfe\x40\x06\x79\x53\x24\x41\x27\x42\xe3\x48\x3f\x52\x34\x9c\x35\x53\xfa\xb7\x60\x14\xa4\xfe\x6f\x66\x99\xec\x3a\xf1\xfc\xdc\x05\x4c\x6e\x97\x99\x30\x82\xe8\x4f\xd0\x9f\x49\xe8\x21\x65\xce\x8a\x2e\x70\xdb\x50\xb0\xb3\x73\x93\x34\xf8\x23\x59\x08\x81\x84\x8b\x3e\x8c\x37\x82\x40\xea\x0c\xac\x05\x5c\x08\xcf\x24\xfa\x9f\x9f\xdd\xee\x36\xf6\x03\xb2\x49\x8a\x89\x24\xa3\x1b\xb2\x6e\xcf\xfa\x53\x57\x1e\x85\xe7\xe7\x67\x6f\x99\xe6\x52\x92\x0b\xcb\xe2\x34\x81\x04\xf1\xe3\xcf\xcb\x26\x45\x71\x46\x29\xfb\x6e\xb3\xcb\x9e\x10\xca\xa8\x82\x99\x49\xc2\xcb\xdb\xdb\xe7\x82\x41\x4a\x13\x6c\x36\x3e\x02\x03\x6f\xdd\x8b\x66\x73\x6a\x8c\x30\xf7\xf9\x59\xee\x32\x91\x7a\xbb\xbe\x0b\x79\x23\xda\x30\x40\x45\xb1\xa9\xc8\x07\xe9\x8d\xe2\x85\x1b\x7d\xf7\xe0\x46\x26\xa5\xa0\xfe\x02\xc8\x98\xb9\x84\x83\x49\xb8\x81\x0c\x07\x3a\xb2\xd5\xa7\x3d\xc9\xfd\x08\xf0\x57\xc0\x1d\x03\xf6\x84\x80\x18\xc6\xd2\x62\x1e\x75\xbd\x24\x70\xb3\xe0\xbb\x28\x20\x23\xb6\xd5\x64\x2e\x20\x48\xed\x82\xae\x2f\xcd\x5d\x27\xea\x12\x7f\x9b\xe8\x77\xb2\xa1\x8d\x5c\x6b\xdb\x5a\xb4\xbb\x6c\xb9\xe8\x4f\xd0\x41\x20\xf1\x9b\xf8\x21\x10\x39\xed\xa9\x07\x75\x83\xf8\x79\xe0\x34\x47\xc4\xd4\x63\x1c\x72\xf3\x71\xb2\x73\x9a\xe0\x45\x34\x8b\x81\xf3\xde\x49\xe8\x18\xf0\xe9\xd4\x09\xb7\x7f\x4c\x34\x48\x3e\x88\x5c\xfe\x0d\xfe\xc5\x8f\xf1\xa3\xf0\x2f\xa0\xe1\x0b\x35\x05\xb1\xa8\xc4\xf6\x11\xfe\x81\xc6\x9d\xf7\x40\xa7\xb8\x42\xa5\xae\xe6\x29\x90\x3b\x03\xb5\xe6\x51\x27\x72\xd5\x3e\x10\x59\x98\x2d\x6f\x82\x59\xc0\xf4\x9d\x0f\xf8\x99\xd5\x73\xef\x82\x7b\xc0\x04\x8a\x6d\x0e\xaa\xa9\x4d\x4f\x12\x1e\x83\x08\x78\x4d\xca\x04\x4c\x7e\x6a\x96\xb0\xd7\xc5\x64\x83\x14\x0c\x1c\xf2\x4f\xbd\xfa\xca\x4b\x09\x2d\x07\xd2\x45\xa4\xa6\x4c\x98\x41\x94\x5b\x44\xa0\x8b\x9e\x8a\x89\x7a\x23\xae\xc7\xbb\x40\x73\xc5\x24\x3f\x77\xf1\xfc\x7c\x77\x3f\xd3\x15\x4c\x2b\x6d\x71\xd5\x0c\xb2\x72\x2b\x3c\x27\xcf\x69\xa6\xd4\xbd\x95\x87\x05\x71\xc2\x5c\xd0\xeb\xac\x25\x1e\xf8\x52\x6d\xc7\x83\x91\xbb\x35\xeb\x94\x3c\x19\x46\xf5\xe2\xb6\xd3\x9f\xae\x84\x53\xe3\x42\x3e\x90\x4b\xaa\xd2\x48\x25\x6c\x63\xe4\x5e\x2c\x84\x04\xf8\x20\x10\x41\x2e\x10\x33\xef\xc6\x9f\xf9\xd0\x19\xc0\xc3\x8b\x8b\xfb\xf9\xe2\xce\xcf\x5b\x25\x60\xe6\xc0\x61\x18\xa5\xc0\x1e\x83\x2a\x51\x01\x91\x33\xf0\xfc\x97\x80\x7b\x55\x08\xdb\x7a\x7e\xe6\xcd\x56\x37\xcb\xd9\x12\x2a\xf0\xe7\x67\x30\xb9\xb8\x5b\x02\x14\xf4\x15\xa8\xc4\xf5\xf9\x79\x40\x5d\x18\x9a\x9a\x1b\xa6\x40\x77\xfa\x64\x69\x36\x2a\x20\xd2\x0c\xae\x03\x74\x05\xc8\xc5\x9a\x1a\x65\xa9\x46\x51\x21\x11\x49\xd6\x47\x60\x0a\x43\x56\xa9\xdf\x9e\xe5\xa2\xb5\x64\xa2\x55\x59\x40\x90\xc8\xa5\x1d\x5a\x1c\x12\x4f\x9c\xec\x37\xe8\x3b\xa0\x95\x3f\xa0\xb2\x42\xbc\x1e\x5e\xd4\x90\x83\x05\xc8\x8c\xc7\xfc\x86\x05\x28\x25\x77\x4e\x2a\x96\xfd\x14\x97\xf8\x06\x73\xee\xad\xe7\x1e\x88\x33\x68\x03\x2f\x4c\xc7\xce\xe5\x94\x2d\x98\x4b\xe7\x04\x7c\xfa\xd5\xd2\x11\xb4\xa9\x0f\xdb\x25\xa4\x03\x3b\xa5\x7f\x88\x4d\x22\xff\x5e\x5c\x40\x3f\x71\x17\x82\xa8\xad\xc7\xe9\xb7\xa0\x4f\x41\x27\x3d\x3a\xe9\x7e\x47\xe6\xa8\xd3\x77\x47\x42\x2b\xf5\xd8\x9b\x7f\x60\x0e\x5a\x03\x2c\xea\x22\x48\x1a\x6c\x36\xd7\x10\xad\x68\x50\x99\x6e\x10\x0c\x8d\xbf\x06\xab\xef\x3e\xec\x1a\x6c\x98\x30\xef\xa0\x49\x7d\x49\xd0\xd2\x0d\x50\xd0\x2a\x03\xd7\x77\xcd\x3b\x66\x31\x1a\xcd\x8b\xc5\x45\xf3\xbe\x79\x6f\xa8\xbf\xf6\x4c\x94\x69\xa4\x85\x0f\xdd\x64\x32\xd2\x24\x3d\x4b\xb4\x69\xee\x4e\xe7\xa6\x78\x86\xf8\x19\x1e\x62\x93\x99\xad\x11\x46\x1b\xdc\xec\xdb\xb3\xde\xb4\xe9\x92\x26\xf1\x22\x3d\xa2\x94\xc1\xb6\x6d\x69\xeb\x95\xde\x5d\xdc\x10\xc7\xbc\xd3\xa7\x12\x76\x24\xa4\x65\x73\xc4\xca\x09\xdf\xd8\x59\x3b\xa1\xf3\xd6\x79\xe7\x44\xce\xc6\xd9\x3a\xb1\xb3\x73\xc0\x70\x38\xa9\x93\x39\xfb\x79\x33\x0d\x7f\xfb\x2d\x0a\x9a\x17\xfd\xaf\x88\x67\x45\xd8\xe9\x3c\xc8\x13\xe3\x47\x18\x1e\x1f\xe0\xbf\xa7\xf9\xda\x85\xe9\xd9\x6f\xec\x9f\x6f\xd8\x3f\x7f\xc0\xa7\xaf\xc4\x27\x22\x52\x18\xcd\xcf\x7a\x6d\x07\xfa\xfa\xf5\xbc\xff\xf5\xd7\xc3\xbe\xf3\x2d\x38\xc7\xfa\x5c\xfc\x3b\x32\xca\xff\x38\xff\x8e\x1c\x6c\x74\xfe\x9d\xfc\x4b\xa6\xf4\xdf\x8b\x8f\x1f\xe0\x83\xcd\xfc\xff\xc7\xdc\xa6\x89\x7a\xc4\x4f\x16\xda\xc7\xbf\xf1\x66\x1e\x33\x05\x2e\x4c\x5a\x08\x29\xdc\x21\x69\x78\xbc\x7b\x3a\xfd\xa3\xf3\x3f\xe7\x4d\x6f\x1d\x78\xef\x02\xff\x99\xcd\x99\xe1\xc3\x4d\x9f\xb6\xde\x33\xd9\xcc\x42\xb7\x8e\xd3\x2f\x12\x64\x7d\xe6\x1b\xeb\xd2\x67\x3f\x58\x06\xc9\xb3\x1f\xa6\x24\x34\xe4\x3f\xb3\x88\xec\x73\x98\x82\x7a\x79\x8e\xc0\x17\x7d\xde\xec\xc9\x25\x10\x51\xf0\x4c\xae\x76\x7b\x06\xbb\xe1\xc7\xdb\xe8\xe9\x99\x07\x4d\xa0\x2e\x0f\x32\xfc\xa6\xf3\xe3\xbc\x79\xf7\xe6\xcd\x87\x41\xef\xcd\x9b\xec\xcd\x9b\xe4\xcd\x9b\xed\x9b\x37\xcb\xfb\xa6\xf3\xd3\xbc\xd9\xba\x9d\xbe\x81\xff\x75\x9f\x01\xe0\xb1\x73\xff\x7c\xf7\x2b\x00\xf6\x7a\x1d\xf8\xdb\xed\xdd\xb7\x2f\x9a\xce\x9f\xe6\x3f\xe5\x96\xa5\xf9\xd8\x74\x9a\x8f\x9f\x81\x94\xff\x79\xde\x7c\xf3\xe6\xae\x79\xf1\xe3\x45\xf3\xab\x56\xf3\xe2\xa7\x8b\x66\x1b\x50\xf1\xdf\x77\x5f\xfd\xfa\xf9\xf3\xd9\xdf\xef\x6f\xe7\x6d\x9e\x72\x3b\xfd\xb2\x55\x54\xf5\x2b\xf9\xf7\xcb\xfb\xf6\x57\xed\x2f\x9f\xdf\x34\xf5\x8c\x37\x4d\x92\xf3\xa6\xf9\x0c\x78\xff\x04\x78\xdb\xcf\x1c\xcb\x9b\x37\x40\xf3\x5f\xe6\x60\xef\xf2\x0a\xdf\xbc\x69\xb5\x5a\xa7\xa3\x6e\x3f\xeb\x39\xad\x36\x30\xe0\xfe\xfe\xb9\x79\xf1\x67\xc0\xfc\x55\xfb\xb9\x0b\x70\x6f\x48\xd5\xce\xff\x9a\x13\x61\x65\xc3\xbe\x05\x74\x00\x4f\x9a\x2b\x60\xc1\x5f\xe5\xf4\xe6\xaf\x94\xc6\x0b\x8a\xf8\x57\x8e\xf4\xbe\x2d\x6a\x01\x8c\x2c\xff\x73\x5e\xf8\x67\xa4\xf0\x57\x0e\xfb\x07\xb2\x7f\xc1\xb2\x5b\x77\x37\x17\x7f\x27\x24\xc2\x8f\x76\x0e\xfa\x1f\x0a\xe8\x5c\x80\x02\x01\xf7\x5f\x42\x7b\xbf\xba\x95\xb9\x47\xeb\xfe\x4f\xb9\xc4\x5f\xda\xce\xff\xd6\x2b\x03\xae\x7f\x0e\x70\x7f\x9b\x1f\x7e\xf8\x76\xaa\xe4\x7d\xc6\x59\x0f\xb9\xaf\x7f\xfc\xe6\xe7\x9f\xd5\x5c\x68\x68\x91\xff\xcb\x37\xff\xae\xe6\x92\x2c\x4d\x92\x80\x7e\x06\xfc\xcd\x2f\xbf\xfc\x75\xaa\x51\xf1\xe7\xb6\xf3\x97\x9f\xbf\xfb\x8f\x6f\xff\xac\x67\x00\xc9\xaf\xbf\xff\xe1\x47\x8d\xb4\x69\x8b\x0a\x3f\x8d\x6b\x3c\x93\xc8\xc5\xf3\x36\x5b\x93\xff\x3a\xe4\x47\xbb\xd3\xa2\x4f\x3f\x3c\xc7\xcb\x0e\x51\x6e\x5c\x78\x38\xb7\x82\x07\x18\x3f\xb1\xef\x43\xef\xdd\x5d\xc0\x28\x68\xb7\xde\xbc\xf1\xbf\x6a\x6f\x9f\x0b\xf9\xe5\x19\xfc\x37\x64\x5f\x80\x70\xe4\xac\xa5\x82\xd2\x0c\x89\x7f\x0e\x86\x44\x6b\x37\x19\x17\xff\x13\xda\xf9\x39\x07\xd9\x06\x81\x9f\xbe\x66\xf1\x24\xbd\x6d\x04\x1d\xeb\xe6\x69\x41\x55\xf0\xfe\x79\x05\x6d\x62\x2d\x2a\x1a\xa8\xb6\x01\x7e\xc0\xa8\xf5\xdb\xb7\x94\x74\x89\xb0\xd6\xed\xfc\xee\x57\xa0\xfd\x73\x4e\xe2\xd1\xf9\x3f\xf3\x57\x84\xaa\x70\xbb\xdb\x67\x5c\x21\x3d\x13\x62\x60\xee\xe0\x3e\xb3\x8b\x4c\xdb\x9f\xbf\x0a\x9d\xff\x07\xe0\xd6\x6f\x7c\xf2\xf9\x39\x89\x3e\xfe\x7a\xb8\xbf\x78\x73\x78\x93\x7e\xf5\xe6\x6e\x4b\x4f\x4d\x37\xde\x3c\xbe\x72\xfe\x2f\xc3\xf6\x59\xeb\x8e\x68\x10\x60\x4b\xeb\xcd\x23\xfc\x0d\xb2\xc0\x13\x00\x97\xe3\xba\xf3\x57\x77\xd0\xac\x57\xce\x02\xbe\x60\x6c\xbe\x81\x59\xb8\xe7\x2a\x92\x47\xc7\x21\x0c\x43\xdf\xed\x2c\xef\x0f\x7d\x67\x72\xa4\xad\xb8\x7d\x66\x4d\x84\x31\x49\x5b\x40\x44\xd8\x77\xe7\xa8\x83\x35\x6f\xf6\x3e\x80\x9d\xed\x4c\xc6\xe3\xe1\x44\xb8\x3b\xc4\x59\x03\xbf\xc0\x23\x01\xa8\x1b\xff\x96\xd9\xf6\x2e\x39\xd2\xf4\x7a\xed\x26\xaf\xc1\x2e\xb6\xfc\x0b\x5a\xa2\x3d\x45\x33\x6f\x6e\xfa\xbd\xe7\xf1\x78\x70\x3d\x71\xfa\xbd\xc1\xf0\xdc\x7f\x1e\x4f\x86\x83\x1e\x9d\xb8\xc8\x4e\xcc\x86\x44\x4f\xb3\xe4\xe9\xf0\x3d\x77\x63\xbe\x9b\xff\xc0\xfc\x96\x87\x2e\x95\x3e\x32\x2f\x4b\xdb\x8e\xfa\xeb\xbb\x3b\xf9\xb7\x08\x74\xe6\xf6\xfa\x08\xee\x0f\x78\x28\x4b\xb0\xb5\xdf\xcf\x0f\x14\xef\xf4\x3b\x0e\x75\xab\x1a\xa9\x7f\x17\xb3\x18\x87\x57\x0b\xd3\xbe\x23\xea\xfd\xbb\x92\x37\x4d\x6e\x9a\x89\x02\x62\xbf\xb8\x03\x0d\xff\xb4\x67\xb9\xf3\xec\x81\x01\x3b\x1e\x73\x0f\x65\xe5\x52\x86\x83\xb9\x67\xb8\x96\x60\xf1\x99\xbd\x8f\xa9\x9d\x7f\x74\x3e\x10\x57\xb6\xb5\xb8\x5d\x74\xe3\xc7\x6d\x90\x7c\xcb\x8d\xfb\xf3\xf3\x62\xfa\xd0\x26\xa1\x84\xf3\xf3\x0d\x50\x06\xfe\x22\xb8\x1c\x5b\xa0\xc0\x27\x53\x11\xe7\x1d\xf8\x45\xa2\xcd\xf9\x7c\xe3\x4c\x9a\x9c\x9f\xc1\x7f\x7d\x28\xff\xee\xfc\xfc\x9a\xfd\xd3\xa7\x3f\x85\xc1\xf5\x49\xbd\x67\xe0\xdf\xec\xe8\xcc\xb0\xcf\x61\x5b\xcb\xf9\xff\xed\x06\x1f\x02\x3a\xfd\x25\x86\xfa\xed\x7c\x79\xd7\xbf\xa7\x30\xd7\x73\x52\x9e\x7c\xad\xa1\xf6\x55\x90\xf1\xf9\xf6\x1f\x9e\x7e\xf0\x5b\x6f\xdb\xce\xd9\x1a\xaa\x5d\x4b\x93\x6a\xa5\xae\x35\x5d\x80\x02\x14\x6f\xf3\x64\xe6\x69\xaf\x41\x40\xf3\x59\xa3\xc6\x06\x20\x88\xd4\xa5\xa4\x99\x35\xb7\xcf\xcf\x33\x98\x19\xad\xe1\xdf\xea\x5a\x08\xfd\xcb\xbb\xc1\xbd\xc8\x17\xd2\xe7\x3b\x72\x9b\xd2\x3f\x3c\xfd\xe2\xae\x08\x2e\xc2\x08\x87\xb6\x80\xf2\x62\x78\x0f\xb5\x78\x2a\xe4\x6b\xb2\x04\x47\x60\x2b\x71\xe6\x90\x84\x6a\x20\x88\xcc\xcc\xbb\xef\x53\x32\x97\x3c\x7b\x0f\xdc\x7b\xdf\xcd\x82\x94\x4e\x27\x29\x9f\xd3\x79\x32\xdf\x83\x9f\xb7\x00\x3f\x8f\x77\x90\xeb\x10\x07\xf5\x5d\xb1\xc2\x74\x36\xe7\xa2\x60\x06\x0f\xda\x87\x78\xbe\x22\x53\xa6\x56\xc2\x3a\xec\x9b\x0c\x04\x05\x54\x16\x58\x94\xd0\x07\x5f\xe1\x16\x2a\xc8\x8d\xcc\xc2\x75\x40\xa9\x7c\x7e\xde\x6c\x4f\x17\xdd\x54\x07\x76\x60\xec\xa5\xe0\x19\xc1\xd4\xe1\xcb\xe6\x45\x7a\xd1\xfc\xf2\xbe\xd1\x74\xa2\x79\x2c\x9c\x3b\x36\x2e\xa2\x4e\xa7\x1d\xdf\x45\xf7\xf3\xf4\x22\x71\x5b\xe4\xab\x3d\x7b\x9c\xbb\xae\x68\x17\xc8\x9b\x0b\x9d\x2c\xc9\x08\x48\x3a\xb4\x2e\xee\xbe\x8d\xc3\x6d\x0b\x34\x56\x9b\x30\xe5\x43\x9b\x28\x06\x83\x9b\x8f\x5d\xba\xb4\xf2\x33\x5f\x49\xf9\x06\x06\xed\x07\xca\x47\x36\xea\x9f\xda\x87\xe3\x32\xdc\xc2\x58\x86\xb2\x80\x97\x07\x75\xb4\x56\xc3\xf8\xe4\x88\xc3\x56\x11\xc1\xf9\xab\xd3\xfc\xbc\x4f\x2c\x12\x1d\xac\xc5\x08\x26\xce\x34\x0b\x6a\x93\x69\x67\x9e\xbc\x80\x39\x7c\x20\x4d\xc4\xa8\x8c\x79\x17\x64\x4e\x73\x43\x66\x5f\xe0\xc0\xfe\x48\xf9\x72\x7e\xee\x03\xb5\x30\x13\x5a\xdc\xb9\xdd\x74\x1d\x2e\xb3\x56\x1b\x66\x7f\x77\x14\xf6\x7e\x1e\x08\x5a\x16\x45\x95\xa1\x2b\xc7\x98\xee\xf6\xf7\xe0\xab\xc3\x9c\x3c\xcf\x7f\xeb\xca\xcb\x35\x5a\xe8\xcb\x0f\x1f\x9a\xed\x59\xc1\xbd\xb3\x33\xe0\x77\x9b\x33\x28\x8f\x2c\x9c\xf5\x73\x46\xc9\x9d\x01\x73\x17\x7b\x4c\x0c\x54\x10\x99\x24\x4b\xda\xed\x9d\xab\x6a\x49\x3e\xaf\x7b\x06\x36\x4a\x31\x07\x26\x18\x01\x08\x86\xdf\x75\xa1\x2b\xbe\x77\xb7\x7e\x14\xdc\x79\x77\xc1\x3d\x28\xd0\x02\x5b\xa4\x60\x5b\x10\x51\xf7\x49\x18\x5c\x9f\x90\xf5\xe7\x73\x49\xf9\xc1\xc8\xf9\x3b\x88\x6b\xbc\x4f\xbc\xe0\x07\x12\x20\x7c\x7e\x7e\x0d\xee\xcb\xdf\x5d\x3d\x8d\x8c\x60\x5f\xd1\x48\x5e\x9b\x91\xe6\xcd\x3d\x7a\x07\xc0\xcf\xe1\x82\xdc\xd8\x4d\xb4\x9e\x27\xcd\x4d\x3a\xfd\x3c\x44\x72\xdb\x9f\x82\x7e\xcf\x29\xde\xc8\x1d\x55\x2c\x45\xe5\x4d\xb0\x0c\x4b\x31\x13\xa5\x1e\x05\x9d\x53\x12\xbe\xd3\xb5\x43\x68\xa9\xc4\xdf\xed\x47\xe1\x6f\x49\x15\xc0\x6c\x95\x79\x2a\xf4\x57\xdb\x52\x5f\x2c\xd7\x07\x52\x28\x57\x29\xc4\x74\x7e\xb1\x70\xe4\x2c\x98\xcb\x32\x7a\x02\x12\x78\x24\x41\x12\x4f\x58\x4b\x10\x99\xd5\x7c\xa9\x8a\xc1\x0a\xc4\x00\x7a\x1e\x14\xe9\xea\xfe\x9e\x44\x43\x40\x0a\xe6\x67\x2d\x9f\xfc\x43\xbe\xc1\x04\x93\x3f\x39\x49\x3b\x65\x2c\x80\xd6\x43\xd6\xaa\x5d\x54\x6f\x83\xfc\x1c\xbd\xf9\x0a\xe4\x80\x05\x30\xc8\xba\xf2\x92\xfc\x0e\xd3\xbf\xfd\xf4\xa3\x39\x2b\xa7\x01\x3d\x57\xb7\xc2\x6e\x3b\x9f\x6f\xf3\x1a\xf2\x35\xd0\xdb\xe6\xf7\xbf\xfc\xf4\xa3\xaa\x7f\xa7\x30\xb0\x9c\x0d\xad\x35\xc8\x04\x16\x24\x02\x10\x90\xb8\xd6\xad\x59\xdb\xf4\x21\x5f\xb1\x61\xb6\x9f\xd8\xdc\x95\x24\xec\x2b\x9d\x9c\xdb\xd6\x76\xbe\x72\x40\xcf\xeb\x19\x30\x04\x21\x8d\x3d\x57\xf5\x9f\x61\xf0\xe8\x40\xe9\x00\x90\x12\x61\xd9\x41\x53\x83\xae\xeb\xfb\xdf\x81\xd3\x9c\xfd\x18\xa6\x59\x00\x74\xdc\x9a\x49\x64\x6f\x40\x14\xbb\xa0\xfe\x03\xd7\x39\xeb\xb7\xa7\x01\x19\xc2\xa0\xdd\x28\x14\x09\xe9\x49\x3f\x5b\xcd\x78\x5b\x80\x83\x5e\xde\xcd\xcf\x48\x1c\x18\x24\xc2\x15\x2a\x38\x9d\xbf\x95\x84\x47\x0e\xa5\x7b\xc2\x34\xce\xc1\xed\x76\xce\x5c\xcd\x5e\xe5\xd9\xa0\xc0\x09\x46\xac\xcb\xad\xb8\xe5\xb0\xff\x8a\x6b\xcc\xd7\xf1\x86\x69\x4c\xb0\x83\xbc\x3a\xd3\xf6\x93\x39\x23\x17\x60\xb3\xd6\xdc\x98\xcf\x3f\x67\xe6\x6d\x65\x73\x0b\x58\x49\xe2\xad\x58\x48\x8c\x15\x12\x41\xe8\x28\xda\xbd\x73\xa6\xa1\x24\xc9\xe0\x26\x20\xa9\xad\xbd\x4e\x28\xa9\xee\xb6\xe5\x77\x61\xb4\xf8\x0c\x9f\xea\xdb\x86\x4b\x74\xe7\x87\xee\xd9\x51\x0f\x51\x28\x1c\xcd\xf5\x2a\x76\x04\x78\xc4\x29\x2a\x4c\xc7\xed\x9d\x47\x96\xa4\x8f\x47\x87\xd4\x4f\x4e\xeb\xeb\x14\xe4\xa3\x2e\xb7\xc0\x1e\xe8\xfb\x02\x21\xda\x8f\xa6\x0b\x43\xf4\xf4\xf1\xd8\x9e\xb6\xb8\x95\x95\x9a\xfb\x49\xaa\x66\x0d\xb7\x6a\x9d\x9c\x1a\x66\x3d\xcd\x34\x46\xa5\xc2\xa5\x07\x37\xda\x07\x9c\x6e\x87\xd3\x0b\xd3\xff\x39\x2e\xd3\xb7\x58\x18\xaf\xaa\xdf\xa4\xe2\x56\xa7\x76\x4a\x1d\x4f\xc8\x37\x5c\x2a\x37\x8f\x04\xa3\xf1\x6d\x9f\x44\x05\xd9\x42\x93\x15\x39\x31\xaf\x30\x76\x88\x7d\x69\x1f\x84\x95\x5d\xd2\x45\x87\x36\xb1\xdf\x9e\xa4\xd2\xb8\x83\xee\xe5\x5c\xf2\x85\x4f\xb4\x3c\x0a\xfe\xd0\xf0\x89\xce\xa1\x7c\x7c\x9d\x9f\xa3\xb1\xce\x9d\xde\xf8\xc2\xfb\x2e\x9a\xe8\x24\xa4\x39\xef\xc9\x5f\xcc\x15\x2f\x06\xb3\xce\x18\x32\xcf\x68\x69\xe3\xd7\x18\xb8\xf4\xb6\x1f\x62\x18\xe6\xcd\xaf\xdd\x06\xf3\x96\xf7\xe0\x2d\xdf\x7c\xfd\xca\xbd\xf9\x9a\x85\x0f\x8a\xe4\xce\x9b\xe5\xfd\x97\x8d\x4d\x0a\x9e\x58\xfc\x48\xce\xfc\xee\x93\x60\xfe\x25\x00\xc7\xec\x10\xb7\x88\x7f\xd2\xb4\x57\x2c\x11\x3e\x58\xf2\x4d\xd3\x71\xcd\xde\x6b\xde\xa9\xe8\x7e\x85\xb2\xf7\xb9\x16\x3b\x3f\x7f\xcf\xd8\xdd\x24\x61\xc7\xfb\x79\x11\x71\x24\x11\xc0\x37\x34\xbc\x84\x22\x15\x94\x14\xa8\x9e\x9f\x05\xaa\x22\xb6\x79\x3b\xa5\xd2\xfd\xcc\x42\x38\x36\x5c\xa1\xff\xf7\x39\x6b\x3e\x86\x0d\xf2\xf0\x72\x53\x1e\x15\x46\xca\x14\x59\x68\x49\xf7\x33\x5a\xdd\xc5\x57\x48\xd1\xee\x67\xdd\x0b\x12\x6b\xa1\x76\x45\xeb\x5d\xa6\x27\x56\xba\x8f\xcd\xfc\xaa\xf6\x4c\x9f\x26\x91\x91\x08\x33\x18\x16\x7a\xa6\xa4\x68\xeb\xcd\x2a\xf8\x96\x58\x33\xa7\xf9\xad\x8d\x4d\x24\x7f\xee\x63\x7d\x47\x4b\xb2\xe8\x57\x1e\x3c\xb6\x31\x2d\xd8\xd2\x80\x38\xc6\x34\x91\xe5\x34\xa7\x22\x6e\x6e\xc1\xf2\x95\x33\xfd\x00\x59\xa2\xa4\xd3\xfd\x6a\x4a\xf8\xd5\x26\x63\x66\x43\xa6\x16\x41\x2a\xe0\xc5\xf8\x49\x61\x4e\xc7\xb3\x9e\x9f\xe3\x2e\xbb\x3d\xe7\x27\x15\x96\x64\x6c\xe2\xdf\x90\xd4\x18\x83\x4c\xb5\x44\x32\x20\xb5\x1e\xf3\xba\xd0\x12\x2f\x86\x41\x48\x84\x95\xc2\xcf\x53\xbe\x1a\xe6\xb0\xc9\x91\x53\xfc\xbe\x4b\xcf\xc8\xe8\xa0\x6d\x4b\x78\xdb\xce\xe6\x4d\xe7\x2f\x44\x16\xde\xcf\xdf\xe7\x8c\x97\x02\x6f\xef\xf9\x4c\xf5\x99\xf8\x0d\xc9\x3c\xc1\x60\x12\x19\x66\x21\x38\x12\x77\xbd\x78\x43\x6c\xa4\x70\xf8\xfe\xc2\xcf\x9d\xb6\x9d\x8c\x44\x77\x24\x30\xba\xef\x3b\x6d\xdf\x62\xd1\xa8\x6b\x65\x3e\x74\xeb\xea\x8e\xdf\x94\xcc\x9b\x16\xea\x54\x6e\x26\x2d\xff\xf8\xe0\x40\xb4\xce\x7c\x16\x1e\xf2\xa5\xed\x29\x67\x2d\x2f\xaf\xfa\xb6\xf8\x84\x59\x13\xdd\xa8\x82\x92\x0e\xd3\xb1\xc9\xb9\x35\x97\xee\x76\xd2\xad\x08\x89\xf2\xf0\x99\xd7\x62\xae\x84\x02\x48\x0e\x35\x19\x62\x73\xca\x2c\x9f\xad\x3a\x7f\x98\x2f\x6e\x0d\x3c\xae\xbc\x84\x44\x96\xb4\x9c\xde\x8c\x45\x36\xcf\xac\x34\x75\xce\x16\xb6\xac\xdc\x00\xdd\xfa\xe0\x50\xcc\xb1\xd9\x00\x54\xa8\xc7\xa8\x9e\x9f\x17\xed\x5b\x3b\x0b\x16\xed\x69\xdf\xe9\x9f\x13\xae\xb3\x3d\x75\xdf\x06\xc4\x63\x0e\x7c\xd2\x43\xb6\x42\xb4\x22\xff\x96\xb4\x6f\x45\xf6\x10\x29\x15\x42\xe2\x03\x89\x78\x3d\x38\x6e\x9b\x6c\x0d\x58\x30\xa8\x85\x0d\x0a\xc8\xeb\x4f\xdf\xdd\xfe\x8f\xd6\x3b\x28\xd0\x21\xff\x00\x4d\xbd\xe9\xe8\xdc\x27\xa5\xfb\x58\x07\xd9\x18\xeb\xe5\x1b\x0a\x8a\x6e\xa3\x7e\x80\xf4\x73\x3d\xbf\x73\xef\xc9\x2a\xfd\xe2\x9e\xc5\x18\xa1\xe5\xcb\xb6\x24\x80\xab\x9c\x68\xa0\x2b\x20\x3f\x96\x18\x81\xa4\x30\xf1\x93\xf2\xb2\x3c\x40\x30\xf3\xe6\xee\xac\x98\xb9\x4b\xf2\xb3\xee\xee\xb7\x2c\xc4\xe2\x11\xa8\x05\x0e\x15\xca\x50\x0c\x62\x7d\xe7\x93\xd5\xc8\x10\xfe\x69\xfb\x17\x17\x85\x1c\x40\x95\x24\xcf\xa1\x39\x53\x0e\xf6\x40\x48\x0e\xc5\x77\x7f\x0a\x4e\xc4\xaa\x3d\xdd\xc2\xdf\xae\xd0\x78\xf8\xe2\x2b\x8d\x06\x93\x18\x0a\xfb\x8b\xec\x78\x2d\x8a\xe4\xfa\xd3\xe8\x0c\x4c\x0e\x45\x64\xd8\xa5\x91\xe1\xdc\x91\xfd\x0f\xa7\x39\xff\xf2\xf3\x3e\x31\xf8\x0e\x0c\x72\x43\x39\x43\x57\xec\x9e\x9f\x93\xf3\xf3\x84\xe9\x9a\x45\x1b\xcc\x01\xb1\x2b\xfc\x57\x9b\xc6\xdd\xd8\x10\xca\xd5\xe4\x82\xc5\x4e\x9e\x9f\x11\xe5\x4a\x84\xd3\xcf\x83\xb5\x34\x8a\x5c\x24\xe4\xba\x25\x0f\xbb\xf0\x38\x54\xd0\x3e\x1c\x0b\x9e\x2c\x9c\x2d\x63\x08\xc8\x8d\xb0\x52\x37\x3d\xca\x1b\xa1\x83\x50\x7e\x56\xf0\x45\x6c\x05\x07\x34\x64\xfa\xa9\xa1\x28\x2f\x4c\x85\x9d\x6c\xc4\x90\x02\x56\xda\x46\x04\xb2\xff\x05\x3c\xcf\x6f\x19\x97\x64\x48\x47\x83\x6c\xdf\x06\x74\x15\xe0\x6c\x27\xbc\x4e\x21\x60\xf9\x9e\xcd\xe5\xed\x72\x2a\xcf\x92\x49\x3f\xdd\x6a\xf3\x1d\x18\x13\x2d\xb2\xb7\xcb\x98\x62\x2c\x88\x1d\x5c\x76\xc9\x5d\xad\xe1\x32\x0c\xfc\xdb\x25\x9b\x63\x4c\x69\xb8\x8e\xb4\x9f\xee\xd8\x9c\x97\xed\xd8\x6c\xfe\xfc\x04\x9c\xfe\xd0\xa0\x90\x4e\x63\xbf\x4d\x02\x2f\x5e\x6d\xc3\xdf\x02\xbf\x11\x7c\xd8\x25\x41\x9a\x92\x7d\x9b\x8d\xe6\x85\xcb\x58\xba\xdf\x86\xe0\x26\x90\xf3\x29\x48\x78\x43\x9a\x22\xd0\x61\x0c\x1a\x04\x64\x07\xe6\x67\x5e\xf6\xed\x9e\x6c\x24\x06\x6f\x2a\x75\xde\xcd\xb9\x46\xfc\x99\x1e\xe7\x20\xd3\x27\xba\x9d\xa0\xd5\x23\x4e\x08\xc9\x68\xfd\xa1\xed\x44\x62\x02\x01\x13\xb6\xbb\x25\x99\x40\x50\x1b\x71\xb7\x24\xe1\x23\xd2\x45\xd4\x6c\x2f\xdb\x6d\x29\xd0\xe8\xf2\xed\xca\x34\xae\xe4\x80\x86\xe3\xfc\x7e\x47\x23\x98\x64\x7f\x53\x40\x62\x34\xc0\xc9\x5f\xc8\xf6\x40\x6c\x1f\x62\xb3\x49\x55\xdd\x52\x32\xb5\xa4\x25\x4b\xb6\x5a\x42\xd4\xd2\xf3\xf3\x35\xfb\xa7\x4f\x7f\xb2\x09\xb5\xb1\xf3\x8b\x6e\x40\x7c\xcd\xee\x40\xc9\x95\xa0\x9c\x48\x77\x67\xba\x50\x0d\x5d\xaa\xa4\xae\xe2\xcc\x9d\x91\x04\x39\x26\xe9\x5d\xcc\xe9\x7e\x58\xb1\x4e\x32\x64\x55\x8f\x64\xfd\xc8\x28\xfd\x4f\xd2\xf5\x0c\xae\xe0\x1b\x5d\xa5\xa2\x38\x16\xc5\x64\x14\x66\x57\x2c\x52\xc5\x74\x43\x3a\x3f\x48\x71\xeb\xe9\xb8\xe7\x30\xb7\xf7\x2f\x69\xb0\xf7\xe3\x69\xe8\x3a\x54\x99\x4c\xff\xe6\x14\xa2\x4e\xb6\x23\x93\x09\x1a\xf9\x57\x5c\x0e\x3d\x3d\x34\x6f\x9a\xd3\x83\x1f\x26\xd3\x66\xa1\x76\x9b\x7c\x0f\x3d\xd9\x71\xda\x6c\x20\xf9\x90\x7c\x91\x27\x27\xc1\x43\x18\xef\x53\xde\x7a\xa5\xec\xdf\x6d\x40\xc7\xa3\x03\x49\x7f\x64\x77\x03\x1e\xe8\x1a\x39\x16\x44\xb8\xeb\xdf\xcf\xc9\x5f\xda\xe4\xdf\x71\xef\x86\xf7\x60\xf2\xe1\x6f\x50\x05\x77\x23\xfa\xf7\x98\x6c\x61\x95\xf6\x0a\x72\x50\x32\x45\xa1\x32\x38\x20\x32\x48\x0b\x36\xc9\xc8\x80\x0f\xba\x02\xe0\xe4\x82\xec\x8c\x60\xb4\xb0\xe5\xf7\x52\x5a\x14\x7d\xe1\x34\xb7\xd9\x9a\x55\x00\x59\x02\xd3\xb0\x7d\xcb\xa9\x13\x03\x1a\x7e\xf6\xee\x09\xe1\xa3\xfb\xf9\x45\x8b\xfc\x73\x4b\x48\x26\x9f\x13\x00\xeb\xb7\xa7\x83\xaf\x5a\x4d\xb2\x2e\xce\x90\x0d\xe9\x86\x5c\xdf\x17\xbf\xda\xa4\xec\x98\x95\xbd\xbc\x07\xf2\xaf\x0c\x80\x29\xf9\xe7\xfc\x5c\xaf\xf1\x28\xf6\x1a\x60\x23\xe7\x8c\x54\x0f\x83\x19\xb8\x23\x44\xed\x6f\x5d\xca\x03\xbe\x08\x44\x70\xdc\x92\x81\x38\xa5\x0d\xba\x25\x90\x73\x95\xe5\x53\xef\xfc\xfc\x3f\x19\x38\x89\x56\x83\x0c\xaf\x5a\x1e\x39\x16\xc5\x7e\x78\xc5\x5e\xe0\x76\x33\x0f\x38\x77\x16\xed\x8e\xf8\x6e\xd3\x8e\xe9\x11\xbc\xbd\x82\x87\x0b\xd2\x62\xa8\xcc\x93\x52\xe4\xde\x1a\x82\xb7\x4a\x04\x9a\x89\x10\xd9\x93\x51\x1d\x35\xc2\x63\xfb\x2c\xf6\x71\x6b\xec\xd9\x3b\x53\x82\x2a\x27\x6f\x05\x06\xea\xd8\x4e\x12\x93\xae\xa7\x3b\x97\x2e\x29\xe5\xf1\xe9\xe7\x67\xe0\x94\xbc\x63\xa0\xf5\x6b\xbe\x1b\x06\x40\xd9\x36\x01\xb2\xcf\x81\x30\x95\x2c\x83\x23\x74\x2d\x58\x1f\x20\x6a\xcd\x2b\x82\x2f\xd2\x0f\xe8\xbb\xca\x50\x99\x1e\x26\xe3\xb1\xdd\x66\x9b\x8e\xb5\x23\x0c\x18\x6d\xec\x2a\x5b\x62\xf3\x64\xb1\xec\x30\xe7\xf6\xbd\xe5\x4b\x07\x94\xd8\xc6\xd9\xe0\x96\xcc\xe6\x08\xdf\xa6\x8b\xdb\x56\x70\x41\x94\x7a\x93\x25\xdc\x12\xcf\xd2\x9b\x8a\xfc\x5b\x12\x19\x87\x9f\xbf\xf2\x9f\x20\x7e\x64\x97\x5f\x90\xcb\x99\xd7\x9e\x36\xbf\x2a\x32\xe5\x8c\x1b\xf0\x06\x9b\x9f\xcb\x79\x4c\x9c\x0a\x59\x64\x55\xfd\x9d\x83\x90\x8d\x8f\x17\x41\x2e\x45\xff\x8b\xa8\xc3\x36\xd5\x1b\x3a\xd2\x67\x99\xd6\xe7\xe7\x20\x97\x53\x81\xf9\xa2\x4f\x71\x5f\x34\x3b\xcd\x29\x89\xce\x83\x74\x99\xea\x46\x1c\xc6\xe1\x3b\x10\xe6\x54\xbb\x50\x3f\xad\x10\x7b\x67\x35\x6f\x92\x4d\x32\x72\x7a\x67\x44\x0e\xcb\x34\xf9\x16\x20\x4a\x89\x60\x2f\x31\x78\x3e\x67\xd1\x2d\x72\x9c\xe2\x4c\x9e\x1f\x48\x02\x4f\x28\x09\x19\x1d\xca\xae\xc7\xf9\xf2\x8c\xcc\x06\x9a\x92\xc5\x6b\x22\x56\xe0\xbd\x3a\xd1\x48\xc8\xa6\x62\xdb\x22\x98\x93\xce\xcf\xc2\xf3\xf3\xb3\x35\xb1\xda\xef\xa9\x71\x5e\x0a\x4f\x62\xd7\x3e\x44\xf9\xec\x20\x9a\x47\x77\xbb\x7b\x32\xf7\x5c\xdf\x46\xf6\xa1\x97\xd0\x8d\xa1\x91\xee\xd2\x9e\xf5\x67\xf1\x7c\x07\x5c\xda\x46\x74\x7b\xa8\x0b\x55\xc6\xe7\xe7\x4a\x4b\x8e\xf9\xd0\x87\x4a\xe2\xf9\xdd\xea\xf6\xbd\x64\xec\xa7\xef\xbb\x84\xf3\xf4\xfb\xde\x59\x9d\x9f\xa7\xed\xc3\xbb\xf9\xfb\xbb\x3d\x28\xc2\x16\xf9\x87\x9e\x5a\x7a\x3b\x7f\x07\xde\x31\xdd\xfa\xb1\x9d\xbf\x25\x8a\x6d\x3e\x7f\x3c\x3f\x7f\x0b\x16\xc2\xd9\x28\x09\x83\x7b\x27\x22\x6e\xec\x7b\x69\x9b\xcc\xdd\xf6\x3e\x6f\xed\xc5\x05\x64\x46\xf0\x7f\x68\x35\xd4\xb0\x99\x6f\xe7\xbd\x36\x09\xaf\xec\xe2\x5d\x8b\x6e\xf9\x50\x1b\x7a\x7e\x7e\x71\xb1\x01\x70\x3a\x23\x3c\x10\x2a\xe6\x77\x8f\xd0\x6d\x9b\xfb\x19\xdb\xb2\x9f\xfb\x24\x29\x3d\xa5\xd5\x5a\x30\xd2\x17\x9c\xf4\x36\xf1\xea\x09\x61\x8c\xc4\x36\xa1\xb6\x7f\x3f\x93\x1c\x94\x3a\x34\x9d\xd8\x39\x9c\x68\x4a\x52\x2b\x62\x04\x45\x12\x41\xa4\x09\x1b\xb0\x64\xac\x55\xea\x29\x82\x4d\x67\x1e\x00\x4f\x69\xa0\x64\xf3\x05\x39\x67\xd0\x83\x49\xc1\x2b\x9f\x1c\x02\x3a\x22\x96\x4f\xda\xf9\x4d\xbc\x51\xea\x2d\xa5\xb4\xb3\x7c\x12\xf0\x63\x0e\x09\x24\x68\xd3\x07\xc9\x8e\x83\xce\xe4\x8b\x94\xe0\x6d\x33\x04\xcc\xd3\xce\xb7\xa0\x03\xe9\xb7\x74\x06\x10\x88\xf9\x51\xff\x16\xe6\xb5\x77\xae\xe3\x3a\xa0\xd4\xc8\x71\x34\xa9\x2e\x6d\x1f\x6f\xcb\xd5\xe7\x23\xf2\x02\xae\x2b\xef\xb7\xa7\x13\x15\xcb\xb2\xad\x3f\xff\x1f\xc4\x48\xdc\xad\xa8\xcf\xe1\x93\x65\x5b\x8f\xfc\x43\x53\x8e\x6d\xcc\xac\x11\x74\xbd\xff\x97\xb9\x7f\x6f\x6e\xdb\xc8\xd6\xc5\xe1\xff\x4f\xd5\xf9\x0e\x12\xc6\x5b\x21\xcc\x16\x25\x39\x99\xb3\xf7\x80\x86\xf9\x26\x4e\x32\xc9\x8c\x3d\xc9\xc4\xce\x4e\x32\x34\x93\xc2\x8d\x17\x89\x22\x29\x92\xb2\xec\x88\x3c\x9f\xfd\x5d\xcf\x5a\x7d\x05\x40\xd9\x99\x5f\xed\xaa\x33\x53\xb1\x08\xa0\xd1\xe8\xeb\xea\x75\x7d\x16\xe2\x15\xa8\xe1\x60\xcf\x64\x6c\x92\xfb\xc5\x72\x9b\xcc\xda\x54\xad\x30\x1f\x4b\x50\xf1\xb4\xe9\x9b\xe1\x0c\x04\x18\x8e\xb0\x0f\xa0\x2c\xd6\xc7\x6a\x92\x96\x46\xd0\xae\xd4\x70\x04\x32\x56\xf3\x46\x40\xd4\x1f\x09\x53\x13\xc4\xf6\x31\xa7\x30\x45\x77\x72\xfc\x19\xc7\x61\x67\xe0\xa9\xed\xce\x43\x66\x29\x54\x09\x99\x15\xd5\x73\xe8\x00\xdf\xe4\x4b\x92\x67\x78\xc5\xc2\xb2\x43\x73\x50\xef\x63\x8b\x25\xdf\xd7\x0c\xe4\x9e\xf0\x0b\x23\x9e\x96\x7d\x0f\xd4\x92\x35\x38\x11\xd5\xac\xb8\x93\xfb\xa2\x06\x74\x44\x6c\x9f\x80\xd4\x43\xe7\x09\x24\x47\x7b\xe6\x64\x38\x73\xf0\xdd\x79\xb6\x98\x1c\xf8\xe6\x4f\x9a\x83\xe3\x93\xfa\xd0\x02\xe6\xf7\x79\xf9\xaa\x66\x1b\x6b\x44\xba\xe1\xd4\xd0\x2f\x97\x47\xec\x7f\x01\xe3\x0d\xd7\x54\x77\x5c\x7a\x77\x3d\x4f\xf0\x00\x0d\xa8\x3f\x93\xfb\xd6\xa7\x9c\xf8\xbc\xf0\x73\x70\xeb\xc8\xc4\x81\xdf\xb1\x90\x19\x8e\x4f\x23\x3d\xd6\x55\x92\x75\x77\x93\xd8\xa9\x24\x69\xa8\xb6\xd9\x3a\x08\xcc\xf6\x3d\x06\x97\x45\x26\x0a\x52\xf7\x1b\xfb\x72\x1a\xd8\x02\xe5\xa4\xbd\x90\x30\x2f\x06\x68\x50\xeb\xe5\xb2\x35\xd4\x1b\x9a\xb3\x25\x31\xa7\x70\x7f\x3f\xf4\x7c\xa1\x91\x8f\xb5\x26\x18\x5e\x65\xfc\xd1\xaf\xd9\x67\x7e\xe7\x7e\x77\xc0\xf3\x1d\x1f\x83\x32\xb0\xea\x37\xeb\x4d\xd7\x15\xc9\x93\xff\x97\x6e\x64\x39\xfb\xcc\x70\x38\x31\xdb\x04\xda\x19\x56\x63\x31\xe0\x38\x2c\x12\x25\xf5\xe5\x87\x0b\x93\x10\xa7\xad\x35\xad\xdc\xf5\x47\xfa\xcc\xe4\x68\x3f\x71\x9e\x3a\x50\x80\xe4\x96\x95\x89\xea\xd0\x8f\x8c\xc5\x6a\xaf\xcc\xaf\xf6\xb6\xf9\xee\x4f\xfe\x95\xad\x80\x87\x43\xb9\x0a\x75\x27\x2a\xc4\x5c\x06\x55\x7e\x94\x24\x0f\xed\xaa\x5d\x4e\x4f\xff\x4f\x5b\x44\xa6\xb4\xa1\x2d\x4e\xd5\x9e\x2f\x3d\xfe\x3a\x47\xc8\x6a\xac\xd1\x96\xbe\xfd\x4b\x6f\x57\x3b\xa6\x88\xa7\xc5\x00\xb6\x15\xfe\xa5\xa5\xb0\xf8\x0c\xfd\x7f\x9c\x26\xcf\xf3\xc8\x2c\x37\xef\x56\xbe\x57\xec\xd9\xdd\x8c\x5a\xad\x57\x75\xe8\x9b\xf4\x05\xd4\xe0\xea\x47\x18\x36\xf3\xff\x50\x7d\xd4\x28\x04\xb3\xb2\x31\x44\x0d\xf3\x4e\x5d\x59\x67\x82\xfd\x97\x1e\x05\x34\x83\x44\x84\x9e\x09\x64\xed\xb1\xa7\x93\x1c\xe6\xa7\x17\x28\x53\xdd\xd4\x4b\x38\x19\x66\x78\xfe\xac\x18\x14\xdd\x3c\x29\xb8\x24\xc9\xe7\xcd\xda\xbc\x08\x9a\x7e\xce\x61\x33\xe9\x93\x38\xab\x5b\xca\x33\x7a\x9f\xe4\xf5\x87\x5e\xbf\xf8\xc0\xeb\xf3\x46\x57\x82\x48\xbf\xd4\xb6\xb5\x7f\x7a\x0a\x16\xa8\x6f\xaa\x29\x83\x6a\x26\x1f\x5d\x4d\xb7\x5b\x3e\xcd\xdb\x6b\x61\x77\x11\xb3\xc0\x49\x4a\x49\xbd\xe5\x7e\x63\xa3\x98\xef\x81\xff\xbe\x44\x20\x3a\x6f\xfe\x7c\xf9\x0e\xbf\x49\x68\xaf\xf0\x77\x45\xa2\x24\xb2\x83\xe2\xb7\x24\xd4\xa0\x1d\x15\x3b\xbe\x2c\x1f\xa5\xd7\xf0\x88\x74\xd5\x6d\x6e\xf3\xeb\x19\x94\x4b\x6a\x5d\x11\x0f\xd5\x2c\xbf\x90\xf2\xc6\x25\xed\x06\x1e\xa1\xfb\x9b\xcc\x83\xfc\x30\x9e\x26\x1b\xd7\xe2\x80\x21\x63\x31\xfc\x26\x23\xc6\x64\x02\x5e\xec\xaa\x82\x62\x35\x3d\x10\x3c\xe8\xc2\xc2\xd2\xdf\x8d\x4c\x4f\x44\xc3\x7a\x6e\xe7\x83\xf3\xe4\xca\x6a\x4a\xfb\xc4\xdb\x70\x48\x24\x89\x08\x65\xcf\x2a\xc0\x0c\x9f\x13\xdf\x77\x8e\x0b\x86\x20\x78\x25\x6e\xdd\xd3\x98\x75\x28\x15\x7b\x56\x4f\x75\x35\x15\x94\x24\x5a\x58\xdd\xed\xa6\xb1\xd2\x41\x90\x63\xaa\x17\x81\xaa\x80\x2a\xa0\x2a\x5e\xdb\x2a\x38\x8e\xb1\x32\xfe\xac\x6a\x2c\xc5\xef\x45\xed\x5c\x48\x48\x39\x57\xea\xb1\x70\x47\x6c\x61\x77\x1f\xb5\xe2\xb1\xcc\xc5\x04\x31\x73\x66\x20\xe3\x63\xfa\xdc\xcf\xc4\x58\xda\x2f\xee\x76\x97\x74\x49\x94\x9d\x1e\xe0\x57\xa7\xc2\xbd\x0f\xb7\x62\xa2\xb4\x09\x84\x38\xd0\x03\x5f\x87\x91\xaa\xd0\xf1\xc7\x76\x8c\xa7\xfa\x79\x32\x1d\x38\xed\x57\x9c\xfc\x4e\x93\x35\x8b\xed\xe8\xef\xdd\xb2\x58\x67\xe6\x08\x10\x12\x49\xcb\xd3\x0f\x1c\x88\xa2\x7e\xf1\x2c\xef\xe7\x88\x54\xed\x72\x08\xa8\x28\xe9\x9d\xd3\x8b\x0b\x6b\xcc\xc2\x28\x8d\x9c\x8e\xcf\x35\xd0\x75\x88\xd2\x79\x0a\x53\x48\x28\xc4\xb2\xbf\x73\xf6\xaa\x5c\x4e\x9e\x41\x20\x6f\x8f\x9d\xfe\x1c\xe1\xbe\x46\xc0\xcb\x3d\xc3\xaf\xb5\xcf\x64\xfa\x8d\x9a\xc8\x3e\x91\x96\xf0\xaa\x84\xe4\x34\xe6\x05\x39\x69\x56\xdc\x52\x33\x9d\xa9\xba\x0e\x6b\xd5\x0d\x95\xd3\x87\x1b\x05\x99\x7d\x96\xd6\xc4\x49\x45\xcb\x96\xad\x71\x27\x27\x53\x2b\xf5\x4e\xa1\x48\xf5\x34\xe1\x90\x82\xd3\x29\x14\x90\xa8\x02\x42\xca\xa5\xe2\x7b\xcd\xb6\x78\xee\xaf\xdb\xc0\xd7\xd4\x09\x5a\xc1\x58\x58\xb5\x53\x8b\x7f\x33\xc3\x34\x0d\xab\x91\x2e\xd8\x72\xb4\x27\x50\x47\xba\x2f\xde\x66\x2d\x94\x92\x66\xda\x84\x6f\xf7\x2b\x1d\xaf\x2d\xf2\x01\x2c\x91\x85\xa7\xbf\xb7\xf5\xbc\xcd\x7c\x35\x8f\xa9\x0b\x82\x10\xd1\x85\x29\x55\x39\x73\x4b\xf1\x32\x95\x50\xe7\xdc\xa2\x9e\xc0\xaa\xa4\x05\x21\xd0\x8a\xa2\x33\xe6\x7a\x70\x3d\x31\xd6\x15\x75\xc9\x0e\x05\x12\x49\xe1\xc1\x8a\xd8\x26\xdc\x79\x4d\xf0\x04\xa6\x92\x76\x2c\xc4\x35\xaa\xab\x4c\xa9\x0c\x8d\x0a\x1c\x51\x8f\x2b\xb9\x57\xe1\x1e\xca\xc7\x81\x53\xb1\xa6\x81\x81\xa6\x28\x65\xd5\x07\xfd\x03\x5f\x57\xdd\x97\x15\x6c\x20\x34\x88\x88\xc6\x7d\x1c\xa9\xa9\xf3\x8a\xa0\xfe\x24\x53\x96\xfd\x6e\x52\x84\xc2\x1c\x8f\x11\xc9\xbb\x4a\x68\xa4\x56\xea\x9a\xa4\x66\x54\xaf\xd6\x69\x31\xa0\xa5\xd6\x19\x0f\xb2\x64\x49\xf2\x7a\x3c\x18\x8e\x92\x49\x72\xc3\xde\xe1\xc4\x9f\x03\xc6\x41\x4a\xd2\xb4\x5f\xa6\xf4\xf2\x5a\x2d\xe8\xa2\x73\xa9\x30\xb0\x78\x70\x95\x5e\x86\x0b\xe1\x0a\xa2\xe5\x9c\x68\xd4\x15\x8f\xe8\x7a\xb8\xa0\x5f\x90\x2e\x6f\xf4\xaf\x79\xcc\x21\x0e\x62\x30\x02\xef\x2d\x3f\xf0\x01\x0e\xec\x59\xb7\xd6\xb7\x96\xfa\x2e\x65\x0e\x6e\xe8\x8a\x2a\xea\x57\xcc\xe9\x88\x0f\xdb\x25\xc2\xd3\x3f\xf0\x7a\xe7\x32\xad\x06\x7f\xa3\xf1\x9d\xc7\xc9\x35\x6e\x91\xcc\x87\xa0\x9f\xe1\x25\x5a\x38\xc1\x1f\x34\x4f\x76\xe8\x9a\x3b\xcc\x76\xfa\xb5\x31\xa8\x2d\x95\xa9\x3f\x4e\xd6\x34\x95\x03\xdd\x82\x09\x0d\xd4\x2c\x4e\x4c\xa8\xc6\x04\xf0\x17\x9e\x1b\xf7\xbb\x90\x38\x2a\x3e\xe8\x7c\x9c\x8a\xb2\x67\xcc\x47\x43\xd6\xd8\x83\x76\x63\xe9\x4e\xa0\x45\xb1\x8f\x70\x16\xd2\x5a\x86\xdf\xc0\x39\x8d\xd4\xe6\x80\x60\xcc\x5c\xe5\x14\xe6\x02\x35\x3f\x50\xe8\x6f\x40\x52\x60\x89\x57\x17\xa4\xf5\xe5\xab\x44\xdc\x3e\x3f\x06\xf8\x10\x8c\xdf\xc7\x08\x2a\xa2\xc5\x02\xfb\x43\xec\x56\xda\x95\x2e\x9e\xcc\xf5\x0f\x87\x92\x25\x4a\x81\x6a\x3f\xea\x8f\x9f\xcd\xfa\x33\x89\x7c\x2e\xc2\xbe\xce\x74\x5f\x63\x6a\x00\x35\x95\x68\xd0\x35\x1d\xb8\xb1\x28\xc8\xee\x75\x79\x39\x14\xbd\xd2\x7a\x98\xc5\x9a\x89\xbb\xfa\x90\xa3\x57\x69\x63\xc9\x48\x57\x69\xb7\x3b\x0b\xe0\x37\xfc\xef\x56\xe6\xbb\x81\xee\x8b\x76\xe3\xec\x19\xad\x08\x69\x06\xff\xc4\xb9\x66\x35\xc5\xb3\xd3\x8b\xd8\x80\x0c\xe8\x73\x96\xe6\x84\xcd\x45\xb3\xd3\x27\x52\xe5\x80\xb6\x62\x12\x45\x7b\x0f\x46\xc8\x04\xd7\xd0\xb4\x3f\x9b\x9d\x9c\xbc\x73\x55\xce\x40\x68\x14\x35\x52\xee\x5a\xe5\xb3\xbd\xcb\xc7\x6a\xbc\xbf\x36\xbc\xab\x39\xa1\xb9\x85\x6e\x81\xbd\x0f\x83\x47\xac\x22\xc5\x0b\x44\x79\x76\xee\x83\x28\x18\x36\xeb\x4a\xde\x81\x2a\x1a\x8a\xe8\x73\xa2\x17\xd1\x79\x04\xf4\xb7\x93\x13\xda\x54\x1b\xec\xac\x2d\x1d\x1f\xb7\x20\x35\xec\xad\x6a\x1c\x76\xe1\xe0\x4a\xaf\xab\xb7\xe9\x5d\x37\x15\x81\x63\x4b\x0b\x33\x40\x52\xda\xed\x7a\x17\xea\x5d\x7a\x6b\xf6\x24\xe6\xe5\x4a\xc0\xac\xc4\xd9\x60\x12\xf7\x6f\xe8\xd7\xbb\x93\x13\x0d\x3c\x35\x4f\x6f\x87\x37\x23\xba\x4b\x73\xc6\x74\xe1\xe4\x64\x1e\xdf\x5f\xdb\xc0\xc3\x25\x0d\xf5\x35\xac\xb9\xd0\x25\x77\xb0\xf1\xa6\x88\x15\x93\xe1\x21\x8a\x20\x6c\x0c\xbe\x71\x97\xbe\x8d\xf7\x05\x2b\x40\x53\xe8\xa4\xe7\x08\xbe\x3a\x3d\x55\x63\x78\x7f\xe8\xe2\x4c\x89\x56\xdd\xf4\x46\x51\x41\x34\x64\x15\x7e\x2b\x97\x6f\x2d\x3b\x08\x56\xc4\xa7\x9c\x0d\x7c\xf5\xec\x5c\x7b\x71\xdd\x10\x89\x59\x53\xa3\x77\xbb\x0d\xff\xdb\xc1\x9f\xf4\x6b\x71\x8c\x98\xd1\x7e\xd8\x80\x90\x6c\xe2\xbd\xa1\x0e\x33\x04\x93\x51\x13\x41\x94\x37\x76\x76\xa8\x75\x16\xb7\x04\x0b\x2f\x70\x32\xa0\x7a\xac\x11\x5f\xfa\x46\x07\xd9\x96\x28\xf8\xde\x1e\x87\xac\x11\x8c\x93\xb1\x29\x37\x4d\x27\xe2\x95\x45\x6d\x6c\xe5\xb5\xb5\x97\x02\x23\x99\x7c\xee\x71\xda\xc7\xd4\x41\xb1\x9e\x4d\x38\xf8\xcf\xad\x27\xe3\x50\x44\x1d\x26\xc6\x8b\xce\x9d\x61\x41\x27\xcc\x18\xea\x48\xeb\x87\x90\x54\xe6\x57\x9f\xaa\xa5\xef\xbd\xc7\x09\x87\x73\x6f\x6c\x4d\xed\x69\xe6\xb9\x38\xcf\x9c\x11\x3e\x0c\xd3\xe5\x73\x14\x4d\xf5\x30\x22\xd2\x36\xd0\x25\x84\x4a\x2d\x53\x8c\x26\x35\x38\x5d\xd8\xcf\xe0\x6c\x11\x2f\xaa\x8a\x2d\x07\x60\xb1\x4c\xbc\x1e\xcf\xe1\x65\xba\x04\x0f\xb5\xf4\x6c\xa4\x74\xd2\x9b\x39\x78\x42\xfc\xe6\xb7\x5f\x62\x77\x77\xae\xd8\xc4\x10\x6b\xf1\xda\x86\x17\x48\x7c\x8a\x1f\x8c\xb5\xc2\x0e\xb1\x64\xe6\x92\x6d\xdb\x4c\x66\xd8\xed\x2f\xf5\xc3\x11\x3a\x57\x86\x6a\xf9\x82\x82\x56\x65\xc2\x31\x89\x4e\x6f\x7a\xa2\x8e\xad\x23\x5a\xd5\x5f\xb0\xf9\x37\xd0\xd0\x29\x47\x34\x2e\x8d\x28\x20\xac\xb5\xe9\xe9\x7e\x96\xfe\xdc\xf3\xc3\xc8\x4d\x30\x22\x09\x52\xb5\xc3\x7b\x46\x33\x8b\x96\xa2\xbf\x33\x28\xd5\x6d\x57\xe6\xe9\x55\x40\x30\xc1\xed\x5e\xa7\xd2\x1d\x44\x39\x72\xe8\xec\xf5\x83\x7d\x32\x51\x90\x97\xe6\x80\x6b\x8f\x86\xd4\xb1\x9f\x97\xe6\xc8\x9d\xa9\x0b\x74\x72\x6c\x1d\x4d\x89\x24\x22\xda\x36\xab\x47\x9b\x62\xbd\xa8\xca\x58\x65\xf4\x0a\xeb\x2c\x48\xa0\xa3\xe5\xb4\x8c\x89\xcf\x63\x27\x24\x40\x28\x3d\x1c\x8f\x49\xb5\xec\x95\xef\x9a\x43\x04\x4c\xc7\xf6\x45\xb1\x71\xcc\xd1\x2e\xae\x1c\x82\x71\xab\x9a\xee\x3d\xe9\xf1\x31\xad\x58\x28\x5d\x03\xaf\xc7\x03\x01\x30\x17\x0f\x38\x91\xb6\xc7\x38\xb6\xb8\x6b\x5b\xd6\x3d\x74\xc2\x87\x6a\x33\xfd\xe4\x4f\xe2\x82\x1f\xa9\xe8\x4f\xa2\x2a\x72\x5a\xba\x9a\x8e\x08\xe5\x21\xab\xee\x76\x57\x99\x68\x8c\x76\xac\x1d\x95\xec\x63\x3b\x86\x1a\x8f\xd4\x01\xfb\x74\x31\x10\xa7\xae\xa4\xee\xbd\xa5\x22\x6b\x46\x0d\x35\x4e\x74\x66\x3c\x91\x98\x26\xe7\xff\xd5\xf0\x6b\x6e\xed\x1a\xab\xc6\xce\x38\x0c\xc0\xeb\x4c\xe8\x64\xce\x3b\x21\x62\x08\xbf\xe8\x03\xfd\x96\xa2\xb6\xe3\xfa\xcd\x43\xfd\x24\x96\x5b\x54\x73\xc7\x87\x55\x73\x6e\x2c\x4c\x20\x1a\x3b\x27\x1d\x9a\x38\x0d\xd2\x55\x6b\x96\x73\x4d\xd7\x2d\xfb\x7b\xa3\x4d\x2c\x39\xf5\x1b\x33\x00\xe5\x0d\x74\xb5\x83\xda\x88\xc3\xb9\xf7\x90\x1f\x5d\xe9\xf9\xd1\x95\xbe\x1f\x5d\xac\x26\xd9\x1e\xae\x81\x0b\xde\xf3\xe9\x96\x11\x15\x57\xeb\x74\xeb\x3c\xa8\xf4\xad\x21\xf1\x3f\x82\xd0\xb8\x5a\x5b\x7d\xd0\x42\x9f\x66\x54\xde\x1d\x6b\x74\x57\x40\x53\x8d\x2f\x1a\xc3\x41\xfd\xfc\xf2\x05\x6d\x02\xba\xc9\x3f\xe9\x96\x75\x83\xdc\xda\x9f\xec\xa1\x78\x6b\x3e\xc2\x44\x27\xa0\x71\xc4\x96\x9c\xfd\xfa\x94\xc1\x25\x00\x41\x71\x36\x78\xd6\x19\x24\x4f\xdf\x9c\xbd\xb9\x78\xb6\x03\xc4\xc4\x1d\x3d\xee\x0d\x7f\x4d\xfe\xf4\x66\xf8\xa6\xa7\x46\x8f\x1f\x9d\x39\x55\xc6\x3b\x33\xae\xc0\xc3\xf4\xe1\xa9\x72\x6b\x5b\x59\xf4\x80\x10\x16\x38\x8d\x80\x65\x36\xf6\x7f\x83\xd8\xa6\xe0\x94\x01\xd7\x8a\x3d\x1f\x44\x79\xc3\x23\xb4\xa5\x9e\x90\x91\x77\x2f\x37\xd1\xb4\xb8\x81\x77\xd6\x77\xd5\x56\x29\xec\xb2\xc6\x4a\xeb\x23\x48\xda\xdd\xb1\x6c\xc4\x43\x5f\x76\x60\x6b\xf1\xb3\xf4\x5c\x9a\xb0\x37\xb5\x1c\xc0\xd2\x80\x15\xd0\xb3\xed\xd0\x41\x1c\x25\x8b\x25\x51\x2b\x38\xdb\x20\x14\x46\x14\x1c\x86\x88\xb3\x0b\x85\x93\x22\x64\x51\xd5\xdd\x75\xd9\xa7\x65\x40\x62\x7f\x42\x72\x69\x58\x04\x06\x4e\xe9\x41\xde\xd6\x83\x30\x68\x9a\x41\x70\x3d\xc0\xd6\xce\x3d\x3b\xed\xb5\x79\x6f\xf9\x60\xb4\x9a\x41\xc2\x2d\x7f\x02\x9c\x5f\x8f\x19\xf2\x3a\x40\x2f\x02\xa1\xf4\x90\x7b\x3a\x74\xd6\xb8\x12\x73\x69\xf4\x60\xbc\xba\x6c\x94\x41\x05\x54\x34\x06\x28\x76\xca\x19\xad\x1a\xf4\x5f\x92\x51\x80\x59\x96\x41\x58\x9d\x4d\x38\x6d\x80\xe4\x5e\x0c\xcc\x9e\x43\x08\x43\x19\xb3\x4a\x56\x33\x60\x5c\xd8\x5c\x0d\x82\xab\x2e\xfb\xf2\x21\x8a\xc2\xba\x82\xb5\x0c\x70\xed\x6b\xef\x34\x68\x30\xf3\x59\xc7\x17\x3c\xde\xed\x76\xbc\x07\x5f\x3c\x8f\x19\xf2\xb4\xcd\xf4\x73\xac\x4b\x36\x7d\xb1\x4e\x4e\x6e\x2d\x47\x83\x37\x12\xdb\x0a\x13\x11\xba\x17\x87\xe6\xf7\xea\x77\x41\x9f\x21\x8a\xd0\x79\x3a\x7c\x73\xf7\xe6\xa7\x51\xf7\x59\x3c\xfc\xf5\xd9\xe8\xf1\x4e\x23\xd2\x3c\x66\x00\x9a\xcf\x53\x0b\xa8\xdd\xce\x3a\x33\x9f\x1c\xcc\x7f\xeb\x16\x15\xdd\x46\x41\x67\x95\x08\x89\xe7\x23\xe2\x29\x9f\xc9\x6f\x23\x97\x9d\x5e\x8c\x1c\x62\xdb\xb3\xf4\xd3\xc1\x50\xc4\x5a\xb6\xb0\x8f\x92\xdf\x0d\x1c\x89\x82\x72\xea\xb8\x18\xa2\xb8\x61\x09\x8f\x73\x18\x81\x05\x70\x7b\x00\x35\xd0\xfb\x58\xaf\x8f\x38\x69\xa0\x1c\xe7\xf6\x19\xeb\x77\x0c\xac\x09\xf1\x93\x47\xb4\x00\xb7\xd9\xa2\x40\x93\x17\x03\xec\xe4\x24\x57\x3e\x12\x36\x5d\x30\x24\x2c\x0e\x5e\x7e\x53\xe5\xc6\xf5\x88\xb7\x6f\x0b\x7a\xcb\x9c\x67\x53\xbd\xd5\x5e\x8c\xf8\x5a\x13\xd2\x37\x17\x64\xe1\x02\xba\xef\x3c\x0e\x68\xad\x46\x76\x8e\x07\xfa\x87\x08\x1b\xd2\x2b\xf6\x77\x2b\x14\xdf\xe9\x7b\x73\xb0\xb7\x9b\x61\x5e\x0f\xd5\x2d\x00\x79\xa2\x4a\x0e\xb7\xf4\x0c\x9e\x1d\x6f\xbf\xa7\x17\xbc\xff\x20\x11\xd0\x66\xf1\x71\xbc\xd3\xb9\x0a\xb6\x48\x9a\x29\xff\x73\x5e\x34\x52\x27\x78\xcd\x54\x27\xc5\xc3\xcf\xc4\x49\x1d\xf9\xb0\xcd\x75\xf0\x7d\x0f\x40\x6d\xef\x07\xfa\x2f\xaf\xee\xce\x82\x4e\x70\xeb\x3a\xef\x1c\x98\x4d\x6f\x5c\x2b\xed\xcf\xb0\x37\x99\xf9\x05\x44\x43\x0b\xfc\xd9\xc9\x34\xf9\xd9\xf7\x3f\xf7\x6c\x3b\xd8\x08\xea\x7d\xba\x80\x70\x8d\xc5\xff\x85\x6c\x21\x19\xc4\xcd\x0e\x4e\x6a\x74\xf9\xe3\x62\x3b\x9b\xef\x38\x48\xf4\x4c\x3d\x4f\xef\xd9\xf7\x8a\x4a\xb0\x99\x4a\xbc\x2f\x36\xf8\xcd\xf9\xa2\x61\xa6\x42\xae\x69\xa2\x70\x7d\x47\x92\xe1\xd4\xdc\x7e\xb4\x30\x15\xb6\x1d\x2e\x8c\xab\x42\xc6\x66\x84\x58\x00\x7e\xdc\x1c\x18\x65\xba\x77\x47\x2b\x12\x98\x2e\xcf\x36\x9d\xc2\x78\x3c\x69\xa1\xd5\x1d\x8a\x30\x96\x8b\x9d\xfa\x20\xb6\xe8\x70\xd4\x62\xd4\xae\x63\x74\x64\xc7\x6c\xfa\x2d\x4c\xfd\x4e\x67\xcd\x28\x92\xde\x41\x04\x37\x99\xa6\x7d\x79\x61\x26\xc3\x17\xbe\x7d\x02\xda\x7e\xba\x08\x4e\x0b\x0e\x0b\x6a\x62\xe3\x84\x11\xa0\x7a\xb8\xa3\x79\x27\x0c\x09\x3a\xf3\xe5\xa6\xf2\xa1\xdb\xc3\x0e\xeb\x88\x27\xff\x5c\x84\x59\x4c\x4d\x52\x4b\x75\x89\x15\x6e\x1c\x8d\x03\xae\xc7\x61\xad\xf3\x72\x4b\xce\xad\x46\x9f\xb7\xbd\x6c\x90\x72\xd4\x87\xb2\x19\x43\xd6\xaf\xc7\x2a\x01\x1f\xc8\x3a\x0b\x5c\x40\x57\x3b\x19\x4c\xc4\x75\x45\x7b\x89\xd6\xc3\xa9\x0f\x70\x12\x0c\x39\x4b\xdd\xb2\x36\xe0\xc0\xde\x55\x3b\x94\xc6\xce\xf8\x61\x8f\x50\xa8\x56\xd8\x7f\x00\x89\xad\xdb\xb8\xb5\x41\x0b\xec\xad\x66\xa4\x16\x1c\x8f\x23\xc4\x20\x36\x50\xb6\x72\xee\x19\xe2\x8d\xb3\x21\xd1\x54\x9b\x8f\x09\xfd\xc3\x07\x15\xd0\x33\x4f\xe2\x0b\x89\xf8\xd8\x41\x88\x4d\x35\x87\x1c\x90\x59\x54\x56\x96\xed\x58\xcb\x8d\x14\x02\xba\x57\x41\xba\x03\x22\x99\x24\xaf\xca\x8b\x0c\x99\x4a\xd5\x7d\x51\x4f\x93\xe0\x57\x48\xcf\x3b\x06\x59\xb8\x86\xb2\x9f\xd4\xae\xcd\x8a\x85\x32\xd3\xc7\x30\xfd\x52\x9a\x59\xdf\xd2\x17\xe1\x96\x76\x46\x72\x0d\xc1\x7a\xdf\xe2\x23\x62\x5c\x33\x9a\x61\x9f\xb9\x0e\xcd\xf2\x4f\x2c\x1d\x1d\xa4\xe9\x58\x2b\x66\x32\xec\x8e\x08\x93\xf5\x8c\x8e\xb1\x7d\x83\x29\xde\x41\xe0\xe2\x96\x57\x19\xb7\x78\x51\xf7\xf5\xd0\x2f\x60\x18\x02\xa7\xd9\x78\x2f\x34\xf2\x50\xd9\xba\x73\xb0\xae\x9b\x56\xc4\x83\x5d\x69\xf9\xc4\x87\x5e\x39\xf0\xa5\x8f\xeb\xbf\xff\x3d\x1e\x00\xd4\xf6\x91\x43\x57\x77\x7f\xc6\xeb\x9a\x3a\x1f\x98\x2f\xfd\x14\x11\x83\x6e\xe0\x91\x26\x21\xf6\xa4\x7e\xc8\x40\xca\x9e\x4f\x0f\xd6\xe3\x2b\x0b\xf0\x92\x39\xc8\x5a\x35\x13\xfa\xa9\xe3\x81\xcc\xde\x22\x62\x99\xf9\x18\x7e\x08\xb1\x08\xf6\x28\x0e\x04\x38\xe5\xda\xbb\x9e\xf9\xc5\x4b\xf6\x91\x3b\xe3\x67\xc4\x43\x18\x78\xab\xff\x39\x66\x1b\x63\xc1\x4c\x4e\x83\x14\x95\x6c\x6c\xb4\x82\x20\xdb\x37\x7d\xa6\x04\x0a\xe7\xce\x73\xf6\xda\xb5\xb4\xa1\x8a\xd5\x17\x4e\x4f\x06\x8f\xfd\xb7\xd5\x9a\x7d\x84\x54\x8d\x9c\x54\xb1\x61\xb1\xbf\x4a\xcf\xde\xbc\xea\x9e\x4d\xd4\xd7\xe9\xbd\xe7\x1c\xf0\x57\xb7\x3f\xbf\x46\x4f\xef\xad\xda\x5a\xef\x67\x1d\x06\xda\xf9\x8a\xf5\x9e\x2a\xf4\xce\x05\x9f\x07\x97\xb3\x58\xe5\xb4\xff\x9f\x13\xf1\x44\xf6\xe3\x4d\x10\xb7\x46\xe2\x66\x93\xfc\x7e\xcd\x1d\xc2\xc7\x13\x77\xe2\xee\x95\x8e\x6f\x0c\x80\x88\x71\xa4\xcd\x10\x36\xbd\x24\x36\x98\x4d\x1f\x97\xae\xfe\xb9\x11\xde\xa8\x99\xd5\xf5\x72\xfd\xfe\xe4\x64\x0e\xaf\x10\xc0\x73\xd3\xfa\x3a\xd7\xb1\x7e\x53\x27\x38\x1e\x9f\xf7\x49\xc8\x1d\x3f\x9b\xf4\x27\x72\x0e\x4f\xe1\xcc\x21\x7a\xca\x39\xb4\xba\x73\x30\xc4\xec\x3b\xc8\x71\x7f\xdb\xe5\xea\xbb\xc5\xd7\xd9\x7c\x43\xcc\x4a\x8e\x44\x20\x72\x3c\x95\xf0\x3c\xa1\x8a\x3a\xb3\xc1\xcc\x8a\xce\x97\x9d\x99\x51\xf4\xc6\x49\x3e\x40\xd3\x93\x2b\xe3\x62\xc8\x1e\x5c\x57\xe9\x7d\x70\x12\x08\x68\xa1\xb1\x0e\x99\x66\xf6\x6d\x32\xa7\xa3\x49\x87\x97\x21\x4f\x45\x5e\xcb\x2a\x23\x3c\x98\xc6\x91\xa6\x15\x18\x20\x48\x97\x03\x63\xa5\x38\x39\xb9\x82\x7b\x25\x95\xd8\xed\xa6\xe6\x94\x4d\xd8\xcb\xd3\x34\xdc\x71\x09\x88\x9e\x98\xc0\x9a\x15\xef\x3d\x94\x6e\x55\x0e\xdc\x20\x26\x39\x2f\xd9\x42\x5d\x32\x30\xa5\xcf\xe5\x2b\x01\x66\x6b\x49\xf5\x02\x18\x02\xbd\xa0\x2c\x78\x78\x8b\xfc\x66\x38\x48\xc0\x63\x6b\x08\x7a\xe0\x27\x52\x6f\xc1\x52\xc4\x53\xa3\x7a\x2e\xa0\x7a\xc6\xd6\x19\x3f\x83\xf7\xc9\xf8\xf4\x54\x4d\xf8\x17\xfc\xc1\xf7\xb2\x0d\xf6\xaa\xce\xc2\x59\x86\xc0\x55\x9e\xa9\x29\x33\x2b\xc7\x1d\x0d\x12\x69\x54\xf3\x75\x2f\x4a\xd7\x13\x83\x30\x2f\xdf\xd0\xb3\xdb\x5a\x70\x96\xe6\x9a\x3b\x0e\x0b\xb7\xe4\xc2\x39\x9e\xee\x15\x32\xf9\xb5\xd4\x33\x33\x75\x10\xd3\xe6\xad\x26\x5d\x25\x5e\x6a\xad\x70\xc6\xfe\x82\xd5\x4f\xb3\x6d\x7b\x96\x23\xf4\x97\x06\xec\x78\xc6\x06\x25\xce\x23\xa0\x72\x38\xee\xe7\x42\xb8\x06\xfa\x6f\x87\x96\xf2\x88\x16\x80\xb6\xe4\xe5\x71\xc2\xf3\xae\x3f\x8f\x4f\xb4\xb4\xf9\xaa\x67\xbe\x5d\xcf\x59\xe4\xbd\xd7\xd6\xea\x63\x62\xc4\x0d\x05\xba\xf2\x73\xc3\x7c\x09\x14\xed\x75\xab\x6b\xee\x70\x18\xad\xab\xcd\x72\xfe\x16\xea\xe4\x72\xb9\xa0\x3f\x1e\x31\x02\xf8\x57\x51\x1d\x09\x79\x80\xb2\x59\x97\x2d\xa3\x91\xc2\x8b\x8c\x55\xa9\xa2\x71\x46\x64\xfb\x03\xef\x5d\xb2\x97\x2d\xbf\xb7\x58\x6e\x67\xe3\xf7\x11\x0e\xc3\xe5\x04\x41\xc8\xb5\x77\xcd\x6b\x23\xc4\x0d\x44\xc0\x5a\xe1\x93\xb2\x4c\xef\x49\x9e\xdf\xb6\x0d\x59\x41\xe4\x6f\x7e\x97\xbd\xdf\xb4\x3c\xab\x7a\xe8\x96\xb7\x21\x7b\x68\x6e\xa7\x31\xaa\xdb\xa9\x7f\x70\x1a\x78\x48\x5b\xcc\x91\x76\x33\x9a\x1e\x5c\x5e\x3b\x99\xd1\x86\xbe\x49\x1a\xca\xc4\xc2\x0b\xe2\x4f\xbf\x1a\x02\x87\x75\xd4\x69\x7c\x76\x02\x50\xb8\xd6\xbc\x55\xfd\x4c\x14\x0e\xae\x3e\x88\xb5\xd7\x33\xa2\xb1\x03\xfb\xb3\x13\x4b\xa7\x8b\x9e\x9e\x30\xdd\x69\x5c\x63\x22\xc0\x68\xcb\xd0\xb3\x24\x82\xe9\x20\xaa\x46\x8d\x39\x1f\x75\x23\xac\xbc\x68\xc4\xdf\x65\x5a\x58\xb8\x5a\x25\x67\xdc\x44\x12\x5f\xd8\x26\x01\xdc\x4f\x65\x82\x23\x19\xbb\xc2\x60\x8b\xf8\xe7\x43\x39\xce\xec\x22\x85\xa6\x39\x29\xf7\x08\xe2\x76\xe7\x28\x89\xb2\x33\xf6\xc4\xc4\xe4\xa8\xe6\x18\x67\x6e\x8c\x81\xfe\x4a\x07\x1e\xb0\x5c\xfb\xa5\x0c\x6b\x3a\x01\x2f\x8f\x93\x86\x7f\xf8\xa3\x4c\xe7\xc5\x9e\xa4\xc6\x8b\x5f\xb3\x11\xbd\x67\x08\x03\xdd\x79\xc2\xd7\x20\x0c\xb1\xaa\x78\x40\x46\x2d\x39\x1a\xaa\xd6\xa1\xaa\x06\x65\xd2\xbe\x63\xc3\xf2\xd4\x2e\xb3\xc3\x19\x2c\xcc\x8c\x58\xc5\x79\x71\x74\xa2\xb3\x8a\x98\x19\x58\xec\xee\xa6\x55\x9b\xaf\x36\x1c\x11\x1b\x09\x21\x38\x59\x9f\x15\x67\x21\x1b\xc0\x13\xe9\xf0\x7a\xa9\x12\x9c\xf5\x1c\xe8\x3e\xc8\x12\x6f\x65\xc3\xa7\xf2\x00\x27\x6b\x6f\xe3\x4c\x07\xd7\xc3\x3d\x2e\xf0\xab\x9e\xfc\x8b\x04\xcd\x46\x13\x93\x8a\xe3\x35\x66\x83\x89\x5e\x77\x4c\xe7\xf0\x81\xe4\xf4\x74\xbc\xdb\x4d\xcc\x8a\xb5\xf7\x69\x49\xb0\xa9\x9c\x6d\xde\xcf\x2e\x58\xc6\x9e\xb1\xef\xad\x9c\x42\x15\xe2\xe8\x82\xcb\xab\xe0\x92\x84\x73\x51\x32\x17\xb4\xe3\x6a\x63\x81\x5b\x6e\x38\xfc\x2b\xb3\x83\xd0\x86\x2b\x1c\xa1\xb2\x81\x26\xcd\x0d\x84\x12\xf0\xd2\xe2\x0e\x58\xb4\xb9\x7a\x4f\x50\x87\x9a\x78\x9b\x43\xb3\x96\xdf\x70\xaa\x41\xd1\x83\xa5\xad\x6c\x3b\x3f\xaa\x37\x2b\x33\x2b\xcb\x11\x79\x9b\xcb\xeb\x42\xf1\x2b\x3f\x65\xb3\x6d\x42\x7c\xd6\x72\x5e\xca\x83\x80\xb1\x1c\xe8\x8a\x51\xaa\xdb\x4d\xf4\x55\xe7\x18\x88\xde\xeb\x46\x71\x86\x8e\x39\x3e\x1f\x9c\x9e\x7a\xaf\xb1\xaa\x8f\xab\x86\x03\x95\xbd\x60\x5c\xdb\x63\x14\x3f\x39\x09\xca\x3f\x3b\xa7\x62\xdf\x04\xa3\x32\x57\xc3\xc5\x48\xeb\x8e\x88\x8b\x9a\x4c\x2a\x0d\x41\x00\xb5\x1f\x38\xd4\xda\xdd\x4e\xc4\xb5\x01\x40\x1e\x0f\x97\xe3\xb1\xbd\x13\xd7\x44\xf0\x6f\x69\xb7\xce\x35\xd8\x6d\x0d\xfd\xf2\xcb\xef\x5e\xea\xd8\xa9\x17\xcb\xac\x04\x54\xd6\xb7\xd0\xab\xab\xac\xbd\xb8\x60\x5f\x4a\x11\x33\x4e\x30\x1c\x05\x13\x93\xfa\xe1\x42\xc6\x84\x8f\xfe\xa6\xc1\xb6\x8a\x60\x0e\x07\xa6\x61\xc4\xa1\x8d\x5c\xc5\x2b\x1c\x6a\x83\x4d\xb5\x7d\x3d\xbb\xae\x96\xb7\xdb\x8e\xae\x3a\x4e\x3a\xf3\x16\xec\xce\xc3\xad\x6f\x96\xf5\x9a\x4e\x5c\xc7\x37\x76\x15\xe5\x6c\x39\xaa\xad\x2c\x5e\x8f\x7f\xe3\x70\xa3\x82\x16\x76\x8d\x00\x18\xa1\x42\x7b\x0d\xb7\xb9\x9f\x42\x8b\x09\x7b\x81\xcd\x2a\xe6\xf8\xeb\xf8\xbe\x82\xf4\x80\xbd\x3b\x85\x5a\xbc\x88\xcd\x67\xb8\x76\x62\x52\x87\x53\x58\x4a\xf8\x0b\x36\xf6\x34\xc8\x7e\x87\x0a\xc2\xbc\x3a\xa5\xe4\xff\x83\xa3\xdf\x25\xeb\xd0\x3a\xce\x42\x69\x80\x8d\x69\x10\x2f\xd3\x9c\x2e\x0e\x90\xb3\x4b\x4f\x97\x55\x30\xf8\x99\xd6\xde\x5b\x47\xda\x9c\x03\x09\xe1\x60\x4c\xe4\xdd\xd0\x33\xdc\x99\x2a\xf3\x28\x76\xee\x81\x15\x11\xd2\xcb\x81\x69\x47\x9c\xcc\x90\xfa\x15\xa2\x51\x01\x27\xa6\xbe\xf4\x7a\xb5\xfd\x32\xdb\x66\x6d\xdb\x3d\x54\xb9\x0a\x18\x89\x7f\x7d\xdc\xf5\xec\x7f\x6e\xb1\xff\x9d\x16\xbb\xd6\x48\x89\xb2\xdd\x46\x89\x8a\xa6\x12\x4e\x1a\x80\xca\x3d\x57\xf7\x41\x68\x9b\xf9\xee\xfd\x7e\xaf\x19\xff\x9e\xce\x23\x28\x36\x68\xfc\xea\xfe\xbd\xc7\xb9\x84\xf6\xfc\x37\xbd\x50\x7f\xd7\x7d\xd8\xa4\x7e\x6f\xe8\xb6\x97\x2d\xf5\xaa\x7a\xdf\xc8\x75\x6b\xdf\x83\xba\x4c\xf7\x57\x00\xa8\x72\xb4\x0d\x29\x94\xfc\x16\x8c\xb4\x0b\x3f\x9d\xd5\xba\x05\x0c\x80\x9d\x87\x85\x52\x13\x18\xb0\x57\x6d\x03\x30\x63\x9b\xaa\x85\xca\x2e\xe3\xc6\xfb\x85\xf2\x58\x10\x2a\x18\x28\x4f\x79\xe0\x48\x4e\xa7\x75\x16\x5c\xb3\xcf\x7a\x81\x18\xb4\xed\xc1\x9c\x6d\xfc\x02\x8d\x03\x56\xd6\x38\xf5\x5e\xaf\x46\x07\x0c\xdf\x63\xb8\x36\x14\x7d\xb3\xfa\xb1\xd6\xbd\x14\x80\x40\xc3\xb1\x4d\x0d\xaa\x03\x96\x93\xcd\x83\x55\x8a\xd5\x69\x0c\xff\x78\x3f\x13\xd8\xb8\x9e\x6e\xd6\x39\x56\x7a\x95\x79\x8d\x1e\x85\x78\x46\x02\x84\x90\xe0\x8c\x24\x66\x9b\xb7\x6e\x7b\xd7\x9b\xaf\xed\x76\x79\x8b\xf2\x86\xee\xd9\x22\xc5\xa0\xa3\x4d\xbd\xd0\xd6\x72\xb4\xb2\xdb\xfb\x9a\xab\xd2\x8f\x16\x3d\x9b\xbd\x8f\xa1\xad\x12\x63\x1e\xda\xea\x56\xb8\x37\x0b\x6a\x6f\x1e\x37\x05\x6b\xdf\xe4\xc9\x2e\xcb\xfe\x54\x4d\xfc\xe1\x90\x98\x08\xd7\x93\x38\x78\x06\x46\x95\x1d\x7a\x5d\xa2\xc9\x3c\x1e\x70\x66\x3b\x71\xa6\xcd\x59\xcd\xe5\xb5\x18\xcd\x85\xc2\xca\xef\x82\xe2\x24\x8e\x44\x5c\xd2\x61\xae\xaa\x11\xdc\x58\x2a\x64\x84\x90\xbb\x70\x13\x28\x03\x35\x12\xfb\x2e\x96\x4d\xdf\x45\x8d\x95\x3b\x19\x96\x48\x1d\xbb\x67\x09\x1e\x1b\xf3\x50\x66\x4c\x7f\x69\x79\xdd\xaa\x6d\x42\xce\xc7\x1a\xb3\xf4\x5d\x64\xeb\x50\x82\xac\x15\xb5\xa0\xf8\x0f\xd4\x46\x02\x2a\x06\xfe\x05\x73\x68\x7f\x57\x2f\xf5\xdf\x7f\x68\x0b\xf6\xbd\x98\xaf\x1f\xbf\xd9\xef\xde\x0c\xcd\xef\x11\x6c\xd7\xdf\xa5\x67\x9d\xe1\xe7\xa7\xff\x42\x1a\x67\x47\xf7\xbe\x0f\x57\x9e\x3f\x57\x0d\x8c\x79\xc9\x3a\x18\x95\x34\x24\xa7\x51\xd7\xa1\xab\x7d\xa7\xa2\x53\xf8\x31\x37\xa2\x8a\x6b\x2e\x4b\x74\xa4\x34\xd6\x30\x7d\x19\x34\x89\xa4\xd4\xed\xfa\x96\xcf\xf4\x82\x13\x8b\x8d\xa1\xf3\xd2\x97\x17\x49\x84\x83\x48\xae\x18\x20\xa7\x5b\x74\x23\xb9\xec\x16\xc9\x3f\x0c\x20\xce\x40\x5b\xa3\xff\xf6\xea\xbb\x7f\xb0\x92\xc9\x83\x55\x7b\xe9\xad\x6f\x39\x1d\x8b\x34\x04\x1d\x2b\xf6\x81\xf5\xed\xc0\xc4\x1f\xbd\xec\xe9\x87\x6c\xe0\x7a\xe1\x5d\xd1\x14\x87\xef\xc8\xc0\x22\x3d\xba\x7d\xd7\x3b\xb1\x0b\xbb\xaf\xbe\xac\xbf\x16\xdf\xbf\xd4\x8c\x94\xc6\x6a\xfb\xad\xb5\x66\x5d\xeb\x8b\x7a\xad\xbf\x1d\xac\xf6\x45\x50\x6d\xdd\xe6\xd8\xf8\x48\x73\x8f\xe3\x1c\x9e\xc0\x07\x7c\xec\x79\xe5\x05\xab\x46\x8e\x2a\x4f\x85\xcc\x8c\xc7\x4b\xa6\x3d\x63\xf1\xf6\x19\x7b\x66\xb9\xe3\x17\xf2\x44\x45\x7a\x20\xb1\x5c\x36\x60\x46\x69\x4d\x4c\x9a\x7b\x74\x42\x5b\x93\x15\xda\xf8\xd1\x03\xe0\xab\x3a\x67\x97\x21\x8b\x7c\x24\xcb\x53\xb4\xde\x3e\x9d\x28\xb5\x42\xe9\xcf\xb4\xfd\xbf\x97\x58\x1e\xc4\x4b\x11\xe3\xf1\x82\xd7\x46\xbd\x09\xf0\x53\x30\x47\x99\x49\x47\xd1\x4c\xf7\x2a\xf6\x2d\x96\xaa\x3d\x9e\x40\x56\x9b\x48\xb2\x80\x4d\xf8\x5b\x3d\x2d\xb7\xf3\xb5\xf6\x9b\x28\x1e\x18\x63\x8f\xac\xe7\xda\x51\x44\x8f\x1f\xd5\xe6\x11\x67\x97\x24\x2e\x28\x53\x3e\x50\x46\x3a\x2e\x8f\x5b\x8b\xc9\xde\x68\xed\x94\x1c\x75\xf2\x15\xee\x4e\x19\xf7\xbd\x8e\x96\x38\x73\x4e\xc5\x40\x67\x27\x83\x27\xc2\x7d\xe6\xe4\xc4\x1f\x19\x4e\x43\xbe\xd7\xa0\x8f\xaa\x29\xfb\xca\x13\x2d\x50\xb5\xac\xe8\x5a\x2e\xf1\xc6\x1c\xe8\xb5\x6e\xa7\x41\x16\xbc\x59\xed\x37\xb7\xd5\x6d\xf5\xf0\x01\x9c\x21\x8b\x2e\x47\x51\x8d\xdf\x01\x8b\x88\x5f\x81\x1a\xed\x85\x3b\x65\xe1\xd3\x76\x5c\x4a\xc2\x44\x9b\xad\x1a\x25\xbc\x4d\xe9\x7b\x53\x10\xab\x9b\x58\x68\xef\x58\x71\xda\x22\x87\xba\x5d\x56\xcd\x66\x41\xf3\xaf\xdb\x20\x60\xa3\xb4\x66\xb8\x94\x34\xa0\x74\x1a\x0b\x28\x2f\x6c\xd4\x27\x95\xfa\x8d\x8b\x7d\xb3\x5c\x5e\x6d\x2c\x80\x89\x1b\xa0\x45\x4f\x7f\x4d\xa8\x41\x1f\x7e\xab\x46\x9d\x08\x5d\x8c\xe8\xd9\x6d\x85\x25\xed\x3e\xc4\xa8\x75\xd0\x90\x54\xfb\x31\x18\xc8\x50\xff\x5d\x2a\x2a\xa7\xd8\x98\xed\x17\x48\xbf\x29\x22\xc5\x84\x03\xda\x8e\x49\x14\x61\x02\xc2\x2a\x6e\xd6\xe3\x40\xd3\xe5\xb5\xb5\x3d\xd5\xac\x1e\x7e\x2e\x11\xf5\x2d\xed\x93\x89\x28\x98\x16\xdb\x21\x2f\xd4\xbd\x28\xd0\x0f\x6b\x54\xeb\xfa\x2c\x8f\x34\x0e\x73\x3b\xd5\xc5\x48\x12\x6f\xd4\x49\x65\xdb\x2c\x49\x3b\x9f\x18\x53\x5c\xc3\xf5\x81\x7d\xf4\x91\xdd\x14\x03\xa8\x40\xcc\x1a\x6b\xfe\x29\x9d\x6f\x7a\x6e\x0d\xb5\xb5\x90\xec\xcc\x3e\xe2\x6e\xf2\xc0\xee\xf4\xdf\xe6\x0d\xd6\x0f\x57\x81\xde\x0b\x4a\xcf\x21\x32\x87\x78\x33\x87\x2d\xca\x4e\x06\x6e\x69\xb8\xcd\xd3\xb2\x36\x1f\xde\x80\xad\x95\x14\xf3\x2a\x5b\xff\xf3\xc1\x7a\xf4\x9a\x94\x15\xaf\x38\x81\x7f\x53\x0d\xea\x87\xab\x5c\xa8\x2a\xd4\x11\xc8\x59\x65\x18\x51\x9b\x26\xd7\x6b\xdb\xe9\x69\x09\xe0\x30\x5f\x93\x32\x56\x48\xc0\x4b\xdb\xe0\xf0\xc4\x19\xba\x99\xa5\xba\x75\x7e\xf6\x16\x4d\x14\x00\xfb\xa3\xb2\x60\xb1\x32\x91\x28\x64\xbd\xe3\x58\xea\x76\x95\xbe\xe2\x45\xe8\x05\x8e\x4e\xa9\xf1\x95\xaf\x63\xd0\x3a\xae\x7f\x22\xef\xdd\xe9\x68\x00\x0e\xaf\x7c\xfc\xa6\xb7\x8b\xdf\x94\x5d\xba\x18\x56\x5f\x8d\xf8\x01\x5d\xee\xe2\x33\x9d\xdb\x47\xfd\x90\x0e\xa3\xd7\xcb\x55\xa4\xa2\x1f\xe0\x9a\x4f\x7f\xbf\x58\x6e\xb7\xcb\x6b\xfa\xf1\xa2\x1a\x6f\xa3\x91\x7a\x75\x28\x0d\x2a\x11\x1a\x98\xe7\x61\xc6\x60\xed\x43\xc1\xfb\x09\xce\xe6\x48\x2b\x0a\x70\x99\x63\xcf\x75\xa8\x06\x16\xcb\x26\xf4\xd7\xc2\x89\x1a\x10\x82\x1d\xc3\x12\x20\x13\xa0\xb3\x2b\x5a\x25\xbd\xc9\x50\x6e\x2a\xf8\x7a\x9d\x4d\x38\x96\x01\xca\x87\x10\x26\xbe\x91\xcc\x5c\xa2\x1d\x88\xcb\x6c\x3c\x31\x38\xf4\x45\x3b\x0e\x3d\x37\x28\xe2\x00\x8c\x10\x6e\x4f\x63\xe5\xab\xc8\xa1\xe6\xd7\xcb\x68\x6c\x7a\xc9\xa1\xee\x37\x8f\xa4\xa6\x2b\x41\x5d\x79\x3e\xa7\xc1\x83\x04\x83\xbf\xec\x40\x4f\x27\x58\xed\xca\x22\x9b\x19\xa0\x16\x95\x07\x11\x0c\x26\x8f\xe2\xb3\x77\x4f\xcf\xec\xef\x88\xbe\xb0\x58\x72\xf5\xcf\xe5\xad\x94\x3d\xca\x0f\xd4\x1c\x84\x16\x68\xdd\xd4\x8f\x7e\xca\x8e\xfe\x55\x8f\x51\x73\x66\x8b\x2f\x6e\xf3\x7c\x5e\x6d\x00\xd7\xa6\xef\x70\xc2\x60\x7e\xe5\xbf\x69\x3a\x49\xb0\x3b\x53\x3f\xc9\xbc\x5e\x2f\x6f\x37\xd5\x6e\xb5\x9c\x2d\xb6\xd5\x7a\xa7\x3d\xb8\x68\xdc\x6f\xe3\x5d\x41\xfc\xd5\xd5\x99\xfa\x59\x0a\xea\x9a\x24\x2f\x2d\xff\xbb\xbc\xdd\xe6\xf3\xdb\x35\x84\x11\x4e\x1e\x39\xfc\xb5\x37\x7a\xcc\xf9\x27\x7b\x9d\x1e\x32\x61\xfa\xce\xf6\xff\xf2\xb1\x21\xed\xdd\x47\x1d\x3f\x55\x97\xb9\xfb\x5b\x47\xa4\x08\xbd\x8a\xe7\x21\xdc\x8f\x96\x02\x88\xca\xec\xc1\xe2\x43\xbf\x97\xde\x4b\xba\x7d\xe0\xb3\xd6\x7d\xa3\x02\x54\xc0\x5a\x2e\x62\x9d\x89\xd8\x9c\xff\xcc\xae\xad\x81\xae\x3f\xb5\x3a\xd7\x71\x5a\xd0\x9a\x1c\x9b\x3b\x44\x9a\x5c\x7c\x1b\x67\xa0\xe1\xf4\xd2\x1d\xf9\x91\x9a\x34\xd3\xb1\xea\xcc\xd2\xb5\x34\x6e\x03\xa5\x9c\xbb\x92\xe8\xfe\x09\x5d\x4b\x95\xa2\xb2\x33\x57\x6d\x5a\x53\x4d\xb7\x16\x44\xce\x7f\x64\xc3\x37\xea\x31\x7a\xe0\xaa\x64\x87\xa7\xad\x78\xd7\xcb\x23\xec\x6e\x8e\x94\x30\x99\x1f\x3d\x6b\x83\xe6\x4c\xb0\x21\x99\x13\xa2\x93\xd3\x93\xa5\xa3\x08\x0e\x11\xb5\x38\xc0\x4b\x22\x87\xd3\xf4\x17\x71\x50\xce\x87\x97\x23\x71\xde\x58\xa6\x37\x29\x10\x09\xd4\x2a\xed\x00\x84\x40\x2a\xd3\x01\x54\x3d\x13\x41\x15\xab\x25\xe7\x61\x36\x6d\xe3\xb0\x93\x6c\x3e\x5c\xb2\x1c\x4d\x95\x74\xaa\xc1\xbc\x07\x0e\x63\x42\x7b\x1e\x42\x44\x32\xef\xe5\xc4\x70\xb2\x84\xba\xdb\x2d\xd5\xc1\x77\xaf\x52\x77\x80\x33\x08\xc6\x52\x2d\x69\x50\xb8\x8e\x1b\x11\xde\x4a\xa5\xe7\x2d\x29\x24\xa3\xb9\xcc\x93\x32\x33\x98\x54\x61\xe2\x55\x76\x2c\x3c\x10\x6a\x22\x62\x69\x45\x9c\x03\x11\x0d\x1a\xe0\xa2\x4a\x56\x3a\x3a\xac\x07\x6f\x29\x92\x86\x3a\xd7\xe9\x8c\x5a\x17\x33\xb8\x1f\x7e\xc1\xba\x7f\x6d\x7b\xf7\x7c\x79\x4b\x6b\xf5\x5c\xcd\x41\x85\x6e\x57\x27\x27\xfa\x87\x8b\x22\x59\xa9\x09\xe2\x48\x8e\x2f\x80\x55\x55\xd7\x5e\xc3\x12\xd6\xd0\x68\x2f\x69\x49\x43\x99\xad\x58\x33\x8e\xa1\xc6\x5f\x53\xe3\x15\xc8\x98\x1e\x02\xb3\x54\xc3\x1b\xa9\x8c\x08\xf0\x0a\x06\xd7\xc6\x21\xa2\xd6\x64\x3a\xe0\xce\xa9\xaa\x44\x47\x27\x5f\x31\xdb\xcd\x33\x22\xdb\x0e\x1d\x05\x5b\xdf\xaa\x58\xfa\xb8\xfd\xe7\xc4\xee\x93\x93\x60\x37\xc2\x29\xc6\xed\x24\xf0\xce\x7f\x64\xd9\x72\x12\xcf\x7f\x7f\xe5\x02\x40\xf3\xf0\xc2\x2d\x3f\xb0\x70\x65\x09\xf0\x17\xa7\x0c\xd3\x11\x24\xcf\x00\x4e\x2d\x92\x40\x47\x5d\xb3\x8a\x90\x29\x79\x90\xf4\x1e\x23\x01\x75\x0c\xf9\xa4\x83\x5f\x40\xae\x05\xa3\x9f\x5e\x87\xdd\x1b\x53\xf7\xae\xd2\x6b\x64\xf6\x47\x7e\x53\x44\x35\x5f\xf5\xcc\xfa\x67\x67\x0c\x99\x59\xbe\x2f\x53\x3f\x05\x50\xa8\x2c\xe3\xab\x9e\x5d\xc5\xd4\x56\xf8\xcb\x73\x39\xcf\xc7\x3c\x7a\xfc\x38\x92\x1c\xb9\xc7\xee\x3e\xaf\x6c\xb3\x4a\xc6\x70\x9b\xf1\xdf\xa9\x2d\x9b\xd3\x53\x65\xec\x4d\x58\xea\xf2\xcb\xad\xcc\xb8\x3f\xa1\xf6\x5c\x3b\xb5\xc2\x9c\x9a\x96\xad\x4b\x62\x41\x50\xdc\xfc\x36\x2f\xac\x94\xa5\x98\x7a\x87\x2c\x7c\xeb\x14\x62\x3f\x5d\x09\x23\xb2\xf0\x6e\xdc\x5b\x55\xf0\x12\x2a\xc4\x59\x6c\xa6\xd4\x4a\x08\xcb\x2e\x16\x07\xaf\x54\x5a\xc7\xfd\xba\x32\x70\xc6\xda\x07\xa9\xd1\x7c\x42\x79\x02\x46\x24\xab\x33\x62\x58\x65\x4d\x97\x43\x68\x99\xc6\x0e\xb8\xd2\x81\xf8\x43\x1a\xdf\x39\x12\x33\x5d\x9a\x58\x2c\x8d\xdd\x35\x10\x9a\x9e\xe4\xb4\x3d\xdc\x33\x3b\x69\x5c\xc0\x5e\x79\x6b\x37\x19\x0a\x6a\x4d\x3a\x4d\x39\x89\xee\x5c\x7d\x1a\xe4\x3f\x39\x39\xf9\xaf\xda\xf5\xf1\xcf\xb2\x24\x6e\xba\x8d\xa3\x05\xfd\xbe\x71\xd2\x3f\x55\xff\x0c\x28\xa1\x9d\x75\x7a\xe3\x7d\x92\x5a\xbf\xb6\x62\xe5\x5a\x6f\x1e\x18\x9d\xbd\x57\x93\x28\x7e\x7a\x8e\x6c\xae\x8b\xa8\x7b\x83\x5c\x0e\x43\x6b\x4e\x19\xc1\x49\x97\xf6\xc5\xa2\x27\x13\x79\xa3\x1a\x6a\x19\x44\xa1\x80\x43\x9b\x6d\x5e\x4b\xd3\xd2\x6a\xf0\x24\xf9\x54\x79\x43\x90\xae\x1d\x2d\xf6\xef\xff\xb6\x06\xf3\x66\x2f\x07\xad\x3b\x70\xfd\xc1\x1d\x98\x88\x56\x03\x12\x06\x31\x61\xd6\x87\xaa\x27\xd0\x88\x70\x7a\xd2\x3f\x11\x53\x52\x18\xe3\xdf\x60\x98\x23\xa0\xcd\xd3\x16\x28\xf8\xba\xa8\x65\x83\xaa\xdc\x08\x55\x81\x41\x6b\x69\xc6\x1f\xc8\xb0\xfa\xa7\x4d\x0d\x5b\xc8\xe2\x97\xd8\x69\xec\x7b\x2a\xbe\x58\x0a\xc3\x47\x17\x58\xb9\x3f\xd1\xa0\x2f\xef\x00\x41\x73\x2f\x9e\x01\xcb\x80\x4a\xed\x76\x37\x4a\xcf\xf8\xac\x7b\x23\xdc\xc7\xc4\x77\xc6\xef\x4f\xfa\xb5\x3b\x2b\xa1\xfb\x13\x38\x41\x4c\xfa\x53\x44\xca\x97\xf5\x48\x20\x86\x5d\xd0\xc8\x39\x7e\x3e\x46\xf6\x12\xe4\xaa\xa4\x5d\x08\xd6\xdf\x8f\x2d\xf6\x02\x7d\x7c\x25\xe9\x0e\xa8\xf5\x98\x60\x98\xa9\xb2\x09\xe3\x48\xbe\xda\x2e\x89\x23\x27\x01\x30\xd6\x69\x3c\xc7\xcf\x2e\x06\xb3\x64\x69\xa9\x2c\xba\x72\x9d\x76\xe4\xbc\x98\xb8\x6d\xc8\x1a\xfa\xa1\xbc\x34\x32\xe7\xc9\x04\xfa\x40\xec\x5c\x5a\x1f\xd7\xa0\x55\x06\xc2\xa5\x00\x2a\xca\xd5\xc9\xc9\x64\x78\x35\xf2\x9e\x80\x13\x70\xc6\x3c\xea\x3c\xc4\x46\x33\xff\xc1\xdb\xf6\xae\xb8\x79\xe6\xec\x0e\x0f\x17\x61\x19\x85\x8e\x07\x95\x22\xfd\xb8\xc1\x3c\xa3\xb3\xba\xc4\xf7\x52\x1e\x5d\xc5\x9c\xff\xa6\x87\xef\xe4\xc4\xfd\xd6\xdf\x5b\x09\xf0\xaa\x59\x06\x2c\xbd\x79\x8d\x84\xfd\xf7\xaa\xe6\xd1\x51\x02\x67\xa3\xbe\x34\x18\x16\xad\x44\x87\x41\x78\xf1\x43\x6c\xc3\xaa\x41\x02\xa8\xb1\xa8\xa1\xd3\xf6\x48\xef\x02\x5b\xc5\x34\x76\x83\xb1\x67\x0b\x09\xb3\xa1\xa1\x89\xc4\x2e\xfd\xf1\xec\x5d\xc7\x73\xd1\x0d\x1c\x74\x9b\x8e\x3c\x97\x66\x9e\x25\x3a\x30\x9c\x6a\x01\x44\x1c\xe9\x94\xe1\xf5\xbd\x65\x9f\xde\xef\x05\x28\x8b\x43\xb5\x32\xb7\x2b\x64\xe3\x72\xc5\x74\xd6\xd1\xec\x7d\xa9\x5b\x0e\x17\x49\xef\xd2\x0f\xe8\xd0\xfb\xf0\x7e\x6a\x3f\xa7\xb9\xaa\x8d\x5f\x4a\x5d\x82\xd1\xb6\x8b\x7d\x4c\x6c\x40\xae\x17\x7b\x76\x68\xb1\xdf\x67\xbd\xe2\x76\x8d\x1d\xa3\x1b\x36\xee\x51\x43\xaf\x55\xe1\x6f\x1a\x2b\x90\x6c\x38\x43\xbb\xa9\xf0\xdb\xeb\xeb\xaa\x9c\x21\x9b\x45\x5b\xcd\x1d\x2a\xe3\x13\x46\x30\x99\xfe\xb5\xc9\x08\xe8\x58\x03\x46\x0d\xd6\x9f\xa2\xc3\x30\x9d\x60\xd8\x60\xa9\x9f\xf0\x1f\x92\x86\x3a\x9d\xfa\x70\x4f\x2c\x17\x22\xa6\x32\xfd\x3a\xfc\x7f\x74\x9b\x63\xbd\x9a\x75\xc7\x66\x9e\xe6\xba\xe2\x0f\xea\xfd\x54\x19\xcf\x69\x76\xd1\x0a\xf7\x94\x12\x6f\x6a\xaf\x9f\x9d\xd8\xf9\x0f\xd3\xb4\x2d\x37\x5b\x33\x6f\xf0\x59\xf6\xaf\x83\x79\x54\x99\x5b\xb1\x66\x4c\x0f\x5b\x4d\x0c\xd6\x58\x1e\xb2\x3a\xec\xfa\x21\x07\x00\x27\x81\x3f\x39\x99\xf9\xa9\x9b\x69\xdc\x05\x0a\x94\x38\x4d\x96\xaa\xc5\xa5\x9f\xc1\x31\xb4\x6f\x05\xdd\x90\xf0\xd2\x74\x16\x04\x35\x70\x78\x18\x56\xad\x05\x97\x65\x4f\xa2\x96\x8a\x98\xda\x97\x82\x2d\x7d\xde\x9f\x32\x1c\x66\x37\x1e\xa7\x70\xab\x0f\xc4\x56\x44\xfe\x2a\xab\x84\x44\xee\x18\xde\xc0\xd5\x08\x96\x1c\x4f\xe0\x19\x2c\x3a\x95\x84\xa7\xe9\x48\xac\x19\x8e\x7f\x1d\xa0\xad\x1f\xe9\x8c\x46\x33\x9b\xd1\x88\x58\x2f\xae\xd0\x02\xc5\xf4\x4b\xcb\xe1\x69\x98\xb5\x7b\xcc\x7a\x32\x73\xa3\x5d\xee\xed\xc4\x4d\x9f\xe6\xed\xc5\xf9\x63\xf6\x0d\xe3\x4d\x3c\x85\xa3\xe5\x84\x15\x8a\xab\x4d\x12\x65\xf3\xed\xdf\xab\xf7\x47\xb9\xe8\x3f\x8e\x0a\xc4\xba\xce\x31\x68\x47\xc5\x76\x3d\xc7\xa3\x60\x67\x1d\xf1\x92\xfa\x9e\x64\x0f\xe8\x91\xb7\x19\x0a\x30\x12\x4a\x55\xea\x02\xcc\xd5\xe0\xb6\xcc\xed\xd1\x76\x76\x5d\xbd\xda\x66\xd7\xab\xa3\xb7\x74\xb6\x01\xdc\xaf\x98\x46\x86\x15\x42\x4a\x14\x22\x6a\xa2\xf3\x86\x7c\x5a\xbd\xd7\xbf\x75\xf3\x8a\x29\x16\x12\xfd\xf3\x9c\xa6\xf6\x88\x1e\xe3\x3f\xfc\xae\x55\x51\x0b\xc6\xf6\x14\x7a\x06\x3a\x82\x3f\xcc\xfb\x82\x7f\x19\xac\xbb\x9e\xa9\x7c\xe0\x7e\xd2\x58\xe9\xaf\x20\xa3\xc9\x5e\xb1\xc2\x27\x6c\x97\xac\xcd\x23\xf9\x43\xc3\x36\x9f\xd1\xb0\xfc\xac\xff\xfe\x72\xb4\x1c\x8f\x49\x4c\xfd\x59\xff\xfd\xe5\x88\x36\x5c\xf5\x33\xff\xfb\xcb\xd1\xa6\x58\x57\xd5\xe2\x67\xfd\xf7\x97\xa3\xed\x52\x6b\x69\x3e\xdc\x25\xdf\x16\x99\xeb\xfd\xd1\xaf\xf5\x93\x3f\x65\x40\xa3\xa0\x1b\xe3\x96\x31\x2c\xa7\xd9\x6f\x0d\x46\x84\x2d\x28\xcd\x2c\xd1\x45\x2f\x5f\x96\xef\x95\xae\xd3\x55\xd6\xed\x70\xb4\x30\x75\x60\x39\x9f\x43\x9d\xca\xf8\x57\x55\x70\xe3\x3c\x3e\x95\x52\xf2\x8e\x57\xca\xbf\xc1\xf9\x9c\x78\x58\x6c\xed\xbf\x04\xb5\xbf\x5e\xae\x82\xca\xf9\xba\x56\xb7\x2b\xe3\x5d\x9f\x73\xfa\x16\x9e\xea\xdd\xce\xee\xdc\x31\xf1\x6e\x66\x01\x5c\x9c\x20\xb9\xdc\x13\xfa\xf7\xd3\xe4\x33\xfa\xf7\x49\x72\x2e\xd3\x4d\x0b\xb2\xee\x77\x94\x79\xbc\xb7\x85\xc4\xf4\x43\x65\x34\x45\x01\x74\x9d\x51\xba\x9b\x75\x0d\x5f\x9d\x89\x71\xfe\xf1\x6e\xa6\x93\xf4\x27\xa3\x20\x11\x1b\xaa\xb7\xce\xfe\x3b\x7c\xe2\xf6\x05\x9c\x7d\x53\xf6\x01\x5d\x6d\x4c\x64\x21\xfd\x34\xde\x22\xfa\x49\x9c\xb8\x47\xf0\xaa\xf6\x64\x85\x31\x8e\xd7\x9a\xeb\x47\xce\xda\xfb\x12\xb8\x09\x19\x3c\x93\xc6\xf4\x8f\xb5\x00\x3a\x86\xdd\xfc\x4c\x89\xeb\xf9\x54\x40\x95\x65\x3d\x79\x74\xdb\x96\xb1\x0f\x7d\x44\xa6\x89\x0e\xb3\x1a\x4c\x6c\xd4\xa3\x1a\xc7\x49\xb6\x57\xfa\x28\x4c\xee\xe1\x6e\x88\x3c\x00\xc2\xa0\x73\x66\x27\x41\x36\xbf\x6f\x88\x89\x81\xd1\x84\xa8\xfa\x6f\x80\x7c\x96\x61\xc6\x1b\x3a\xe4\x7c\x2c\xb0\xe6\x9c\xa4\xdc\x19\x19\x3d\x1d\x44\x64\x34\xbe\x7b\x05\xe5\xec\x87\x3e\x94\xfa\x1f\xc2\x0b\xfa\x3b\xf8\xf9\xe1\xcf\x2c\x6f\xb7\x11\x6c\x40\x74\x10\x3d\xf0\xa1\xc8\xd8\x0e\x60\x82\xe0\xda\x05\x5f\x4b\xbc\x62\xf0\x32\x58\x56\x03\xad\xa3\x19\x3c\xad\xf4\x37\x91\xf6\x28\x55\x6b\x8f\x61\x8d\xdb\x63\xfb\x6c\x75\x66\xea\x54\x94\x45\x90\xcf\xf3\x8a\xce\xc9\x4a\x12\xb8\x13\x05\xf4\xd8\x82\xd0\xa9\xdc\x05\xde\x0b\x7b\x00\xed\x1b\x18\x9b\xd9\x22\x9b\xeb\xb4\xf0\x9d\xda\x9d\x9e\x7c\x9d\x55\xf4\xf6\xbd\x18\xd9\x34\x36\xb3\xeb\xdb\x79\x10\xa9\xa1\x35\x63\x2e\xfe\x4f\x6b\x32\xbd\xd5\x0d\xb3\x27\xeb\x00\x32\x35\xdb\xbc\xd2\x35\x30\xe2\x73\xf0\x55\xda\x46\x7b\x3a\x65\x07\x35\xfe\x9c\x0e\x68\x9d\x7e\x31\x69\xe8\x85\xb5\x3a\x01\xfe\xf4\xad\x52\x08\x87\xb4\xd7\x18\xae\xbd\x38\xc8\x5a\x85\x4b\xc3\x7f\xb4\xd5\x59\x18\xa3\xd6\xe6\x43\x8c\xce\xd3\x64\xa2\xce\x66\x6d\xc1\x0a\x0d\x40\x2b\xa4\xf0\xa0\xc3\x51\x01\x5b\x87\xc4\x10\x0c\x88\xc1\x61\x60\x59\x4b\x93\x32\xbe\xd1\xec\x6a\x6a\x21\x9b\xec\x2d\x8f\xc0\x36\x1f\x4a\x77\xdc\x24\x83\x3d\x1d\xfc\x2b\x79\xa4\x49\x94\x7c\x11\xa0\x19\x81\x5f\x22\x4c\xf5\xf2\xdc\xb0\x0f\xa9\x74\xc0\x5c\x42\x97\xb5\x20\xc1\x4c\x18\x61\xb1\x15\x3b\x1a\x0d\xdd\x6a\x1c\xa8\x48\xc4\x8b\x48\x5f\xf9\x5e\xa6\xcd\x1e\x26\x8f\x54\x9b\x9c\xc1\xb7\x1f\x90\x16\xe8\x79\xb8\x00\x9a\x81\x40\xcd\x81\xef\x1f\x1a\xe5\x7f\x49\x18\x47\x58\x63\xf3\x0e\xfc\x06\x6a\x4c\xfd\x1f\xf9\x6c\xb3\x17\xe6\xc3\xb5\x4a\x5b\x6e\x99\x4f\xb7\x0d\xc9\x1f\x69\xc3\x03\x43\xea\x37\xa6\xad\xd8\x43\xcf\x74\x80\x5e\x4b\xab\xf7\x26\x08\xe8\x9e\x0f\x5c\x8c\xf7\x3a\x89\xf8\x37\x6d\xba\x75\x24\xfc\xde\xbc\xca\xde\x56\xe6\x36\xd1\x55\xa5\x0d\x7e\xba\xb8\xbe\x92\x17\xf4\x85\x7e\xc5\x3c\x62\x4a\x5f\x8f\x67\xae\xc9\xd9\xa3\xf4\x3e\x38\x24\x72\x65\x34\x35\xf4\x53\x78\xf7\x46\xe0\x0e\x0c\xfe\xbc\x47\x84\x62\x7a\xcc\x37\x23\xe7\x5a\xd1\x53\x9f\xe0\x9c\x67\xb7\x12\x07\x78\xdf\x72\x6d\x90\x9c\x33\xad\x29\xb2\x32\xa8\x6f\xbc\x6b\x8f\x1f\x53\xfa\x1d\x38\xff\xb0\xd7\x77\xdd\x8e\x8a\xdd\x29\x43\x2c\x67\xb7\x3d\x62\xe5\x84\xf5\x8f\xc2\x36\x0f\x12\xbf\xc7\x76\xc8\x34\x35\x07\xf6\x96\x39\x9f\x42\xbd\x08\xfb\x49\xf5\xeb\x43\x9c\xd3\x10\xb3\xc9\xa8\xbe\x26\xb5\xb3\x70\x8d\x17\xd6\x03\x6b\x3d\x69\x4a\x76\x8c\x06\xd6\x70\xc3\x8e\x04\x27\x1b\xc4\x0d\xf8\x65\x15\x70\x9b\xcf\xe3\x2e\xe8\xb4\x51\xc7\xff\xfb\x1f\x3e\xbd\xe8\x57\x83\xa0\xfa\x0a\x10\x75\xad\xc7\x83\x6b\x8d\x56\xb2\xa3\x82\x78\xdf\xf0\xdb\x09\xb2\x76\x34\x6c\x4d\x61\xec\x85\xc3\x6a\x6a\xb8\x84\xe4\x2c\x51\x14\xbb\x1d\xe2\x22\xb4\x57\x88\x43\xeb\xcf\xc4\xc9\x99\x3e\x31\xe1\x4f\x64\x70\x09\xa9\x42\x44\x22\x78\xa7\x8b\xce\x57\xa4\x15\x78\x69\x93\x30\x0e\xa8\x31\x5b\x63\xa2\x1f\xc0\xb8\xd2\xf0\xfd\x46\x69\x58\x9a\x4d\x59\x7d\xe9\x35\x08\xbc\x32\xeb\x9c\xca\xf4\x91\x75\x89\x3f\x2e\x03\x70\x2a\x2f\x68\xa2\x62\xe3\x75\x49\x2f\xb5\xf1\x47\x1d\x89\x15\x82\x27\x7e\xfb\xae\x40\x8e\x0a\xb6\x0f\x8e\x8d\xdd\x70\x5c\x33\x71\x9b\xf0\x88\x86\x9b\x90\x2c\x59\xb8\xc2\x68\x25\x58\x49\x83\x26\xbe\x81\xcb\x45\x1b\x0b\xe4\x7b\x0b\x79\x13\x89\x65\x47\x8d\x3c\x14\x4f\x80\xd9\x3d\x70\xac\x58\xaa\x61\x33\x32\xfb\xa4\x04\xd0\x27\x35\xe5\x9f\x8c\x46\xe9\xd9\x09\x4a\x4b\x41\xba\x51\x2f\xea\x7a\x8f\x12\xf7\xc8\x83\x5a\xa3\x9f\x46\xbb\xa5\x44\x91\xd3\xbe\xf6\x18\xb2\xda\x5f\x55\xf4\xdd\x0a\xee\x92\x24\x44\xb5\x81\x5c\x71\xaa\x78\x68\x7a\x5b\x10\x71\x73\x49\x50\xe1\xad\x11\x0e\x25\x64\x8d\x59\x91\x3e\xfa\xc0\x04\x05\xee\x94\x76\x86\x1a\x5c\x7c\x03\x5e\xe6\x50\x7d\x86\xef\xc4\x2c\xb1\xd6\xc8\xab\x4e\x47\xab\x1d\x0c\xb6\xf0\x41\x05\x1b\x8c\xac\xac\x07\x22\x07\x86\xf5\xd7\x5e\x54\x59\x96\x9e\x3d\xed\x0c\x8e\xe1\x4d\xb3\xcb\xe1\xbc\x32\xdf\x55\xd7\x39\xb1\x70\xd3\xf5\x6e\x76\x3d\xd9\xb1\x0c\xb1\x9b\xcf\x16\x57\x3b\xa8\x77\x76\x24\xbc\x65\xd7\x71\x07\x08\x70\xc9\xa8\x2b\x80\x70\xf1\x9b\xb3\x67\x67\x93\x99\xca\xb9\x32\xfd\xe4\x4c\x15\xb8\xdc\x9d\xfc\x69\xf0\xe6\xae\xdb\x3f\x53\xa5\x7c\x2a\x21\xb9\x7d\xb6\xda\xee\x36\xdb\xf7\xf3\x8a\x2b\x8e\xcf\x66\xaa\xa2\x87\xda\xef\x07\x88\x73\x83\x64\xf8\x6b\x3a\xda\xa5\xf4\xdb\xb8\x03\xf5\x50\x6c\x4c\xc5\x7e\x7d\xb4\x7b\x73\x46\x25\x2e\xb3\xb7\xd9\xae\x2a\xae\xb3\x58\x6a\xa4\xc7\x13\x3c\x86\xd3\x3c\x15\xe8\x3d\xa6\x26\x4c\x71\x83\x2a\x79\x7a\x0c\x97\x9a\xe1\xf3\x2f\x3f\x7f\xfd\xf9\x9b\xe1\x8e\xa4\xdb\x1d\x6e\x8c\xde\x8c\xf0\xfb\x19\x95\x78\x74\x36\x51\xb3\x2c\xbd\x97\xdc\x50\xc9\xf0\x42\x45\x4f\x65\x5d\x1e\xd1\x31\xb3\x9d\xad\xe6\x55\xfa\x89\xf9\xf5\x09\xb0\x61\x9f\x9e\xc9\xf3\x67\x11\xc0\x08\x2b\x92\x84\xf8\x25\x46\xc1\x95\xe7\xfa\xe7\x48\xd1\xa8\x26\xc3\x27\xf6\xe1\x53\xba\x9e\x10\x3b\xb0\x92\x62\xf6\xca\x7b\x63\xbb\x0e\x5e\xd8\x42\xef\xa2\x2b\xe5\x9f\x7e\x51\xfa\xf0\xa7\xf5\xa2\x4f\xb7\x6b\x5d\x7c\xfd\xac\xe5\x1d\x2b\xf7\x0d\xcf\x91\x14\x30\x8a\x46\xfb\xfe\x8c\x24\xb1\xd5\x96\x5b\x92\xca\x6f\x1a\x08\x1a\x93\x1e\xbf\x8d\x5b\xdb\xf1\x72\xb9\xc5\x0f\xd3\x62\xfe\x9d\x71\x41\x7e\x8e\x51\xe0\x37\xa6\x7c\x59\x3a\xd7\xa5\xcb\x2c\xd4\xc1\x79\xb2\xa5\x8a\xb8\x59\x51\x1c\x48\xb0\x4d\x10\xa2\xdc\x07\xa6\x89\xb6\xeb\x28\x96\xb4\xe7\x5a\x3d\xb5\xf9\xe2\xfd\xeb\x6c\xc2\xef\x46\xdc\xe2\x08\x90\xd0\xec\x03\xe2\xf9\xa4\xd5\xbc\xf3\xea\x6e\x72\xfa\x45\x28\x20\x6c\xd3\xaf\xc2\x5c\x1f\xcc\xe7\x74\x44\x9b\x76\x28\x67\x54\x37\x3a\x8b\xba\x5a\x6a\xf2\x6a\x9a\x67\x2e\xd4\x1a\x99\x62\x18\xac\x50\x14\xcf\xd6\xba\x35\x30\x9c\xd4\xf0\x62\x94\x18\xb9\xaf\xf1\x05\xbf\xd6\xeb\xac\x8e\xbb\x76\xae\x4a\x97\x73\xa4\xd4\x4a\x6c\xf1\xe8\x87\x36\x47\x45\xe2\x72\xf2\xd5\xdb\x6c\x1e\x29\xe0\x22\x8a\x55\x28\xaf\x3f\x8b\x3d\xd4\xfc\x45\xd6\xa2\xc7\x17\x47\x94\x7e\x23\x25\x0b\xab\xc8\x42\x87\x14\x3a\x47\x9d\x33\x32\x9c\x31\xa4\x3d\xc0\x33\x00\x7c\x8c\x73\x4e\x31\x11\x47\xc6\x47\x60\xe2\x7c\xbe\xfa\x96\xf0\x5f\x6a\x50\x34\xf4\xf4\x12\x09\x0a\x6a\x9d\xf5\x0f\x50\xa0\xa3\xa3\x0c\x10\x10\xf7\x2f\xc3\x46\x4d\xd3\x97\x5e\xa3\x66\xa9\x0f\x7d\x33\x8d\xd5\x4b\xdd\xc6\x19\xf8\x26\x3b\x14\xcb\x20\x81\x40\xfb\x1a\x3c\xb4\x34\x25\xfd\x08\xad\xaf\x1e\x63\x99\x19\xcc\xb5\xcf\xe7\xf3\x41\xf3\x96\x2d\x3d\x6c\x09\x9b\xe3\xf8\xb7\x60\x1f\xe5\x88\xf6\xd1\x38\x4a\x19\xc7\x86\x7a\x79\x5f\x56\xb5\xac\x07\x07\x92\xb2\xb9\x1c\x6a\xc4\x84\xbd\x36\x79\xde\x78\x89\xb2\x3e\x5c\x7c\x2c\x6d\x32\xbd\xa4\xe3\xbd\xa0\x33\xa5\xe1\x28\xe1\x6b\xb1\xf6\xfa\x3e\x97\x69\x88\xee\x1c\x7b\xe1\x45\xec\xb2\x79\x88\x4d\xd1\x66\xcd\x2c\x74\xec\xe4\xf9\x7a\xc0\xef\x96\x43\x3d\x3b\x75\x07\xd1\xdd\x2e\x04\x4c\xd3\x78\x67\x7e\x3c\xac\x03\x56\x46\x50\x29\x2f\xb5\x49\x4a\xb3\x3e\x85\x1b\x35\x66\x3f\xd6\x48\x7f\xe3\x7a\xf2\x1d\x1a\x65\xc4\x48\xaa\x09\xc2\x68\x18\xc6\x98\x71\xf9\xb8\x8a\x31\x94\xcd\xf2\xf6\x04\xc9\x4a\xa4\xc2\x03\x15\x2d\x82\x8a\x98\x53\xe5\x1d\x38\x75\x09\x75\xb8\x45\x2a\x92\xc3\x0f\xfe\x4d\x5e\x7a\x04\xa2\x09\x13\x85\xa4\xc6\xbc\x56\x6d\x99\x58\x01\xa0\xe2\x96\x08\xa1\xf1\x2a\x6e\xe1\x24\x0d\x1d\x09\xf3\x8b\xe5\x87\xdd\x92\xe7\xec\xa1\x47\xfd\x58\x3a\xaa\xb3\x7c\x76\xdd\xbf\x16\x38\xa7\x0a\x69\x28\x46\x30\xd7\x73\x12\xe8\xb8\x35\x98\xbb\x42\x18\xaa\xac\xdd\xb9\xaa\xbc\xe4\x3c\xd5\x28\xa9\x62\xcb\xaa\x17\x99\x51\x83\x53\x3b\x31\x9e\x57\x01\x75\xcf\x0f\x38\x44\x4f\xd2\x4e\xae\xe9\x6d\x25\xbe\x6e\x38\xf2\xe2\x66\x3a\x7d\x9c\x5b\x24\x99\xec\x76\x74\x7c\x99\x33\x92\xb8\x7b\xe7\x87\x0c\x97\x37\x2f\x23\x77\x46\x83\xfb\xf4\xd1\x05\x1d\xad\x8f\x9e\x3c\x8b\xe2\x2e\x3c\xd4\x88\x9c\x21\xdd\x94\xe7\x41\x37\xc6\xfc\x1a\x27\xe4\xbe\xeb\xe7\xd8\x87\x3a\xa3\xa5\x75\xe5\x9f\x70\x63\x3f\x1d\x6b\x1a\x45\xe2\x81\x35\xd7\x98\x3f\xba\xa3\xc0\x01\xe7\xed\x40\x03\xd2\xbf\xaa\xbd\xa1\x5c\x7a\x8e\x2a\x9d\xdb\x54\x20\x1c\x9a\x73\x7a\xc1\x63\x6f\x40\x97\x38\xeb\x04\xbb\x09\xfa\x30\xcb\xb5\x1d\x55\xe9\xe5\x1f\x8e\x79\x15\x7b\x6b\x70\xc6\x4b\x6f\x0c\xe7\x0a\x24\x29\x72\x9f\x1f\x0f\x2f\xf1\xf9\xb1\x99\x3f\x93\xdd\x31\x8a\x2d\xf4\x67\xe5\x2c\xcf\x12\x13\xb1\x68\xc4\x36\xf9\x59\x81\xc4\xe8\x55\x13\xee\x69\xa6\xcf\xfb\x56\xed\x0c\x0b\x17\x32\x0e\x33\xb0\x98\x20\x94\x7b\x8e\x1e\x4c\x9f\xaa\xb4\x18\xbe\xb0\x5a\x42\x8e\xe5\xc9\xe9\x68\x32\x41\xd0\x3a\xc1\x42\x6e\x8e\x27\x17\x0b\x6d\xef\xd0\x06\x1d\xd4\xc4\x01\xce\xf1\x13\x7a\xd6\xa1\xbd\xb9\xf1\xac\xeb\xbb\x0f\xd8\xf0\x56\x77\x6b\xaf\xef\xbc\x34\x81\xe1\xc3\x97\x7e\xa8\x6b\x5d\x7c\x6f\xa4\xc4\xd4\x83\x58\x8f\xaf\x73\x4f\x9c\x6e\x76\x20\x98\xf2\x5c\x52\xab\x5f\x25\x59\x68\xdc\x90\x50\xf8\x84\xe7\x12\x8e\x4e\x5e\xb4\xdc\xfb\x4b\xfd\x56\x6c\xb0\x76\xfd\xc5\x99\xb9\x28\xb7\xac\x11\xf1\x03\x34\x4d\x5e\x60\x07\xec\x2d\xbd\x72\x79\xfd\x32\x5b\xcc\x56\xad\xc8\x65\x3c\x61\xff\x76\x63\x35\x77\x46\xec\xaa\x76\x6d\xe8\x87\x31\x0d\x19\xe2\x4f\x18\x9a\xf1\xff\xa1\x06\xd2\x66\xad\xd6\xdb\x2f\xd8\x28\x03\x3a\x1e\x40\x31\xa2\xb9\x62\xaf\xf9\x37\x5b\x2b\x86\x43\x0f\x08\xba\x76\xa3\xfe\x79\x2b\xb7\x66\xe3\xed\x41\x9b\xd9\xff\xc4\x47\x03\x98\xe1\xfd\xa1\x10\x7d\x1f\xad\x37\x1b\x2c\x9c\xd9\xd1\x6d\x02\x60\x14\xf6\x75\x92\xa5\x82\x9d\x3b\x62\x4e\x8c\x95\x0b\xef\x50\x04\xac\x82\xa5\x54\x9d\x65\xc6\xe1\x8b\x45\x88\x9a\xcd\x5c\x9a\xa5\xa9\x45\x8d\xa6\x82\x08\x5d\xcb\xab\xfe\x31\xed\xd7\xa1\xe9\x88\x89\xa9\x09\x15\x1c\x4d\x50\x3c\x0b\x6e\xcc\x4e\x53\xba\x17\xa2\x6e\x87\xdf\x24\x83\x16\xd5\x31\x98\x3b\xb5\x6e\x64\xe2\x0e\x9f\xd5\x0e\x94\xda\xa7\x9b\x2c\x9b\x17\x34\x65\xb0\x6e\x8f\x2f\x92\x4c\xa3\xa6\x20\x58\x2f\x4b\x44\xb1\xc1\x18\x06\xcd\xa5\xb1\x10\x0e\x2f\x0c\x86\x9d\x6e\xaf\x5b\x61\x57\x5b\x28\x9c\x6c\x0e\xad\x0d\x61\x6f\x50\x91\x11\xbc\xa0\xb7\x30\x32\xbb\x91\xb4\xdb\x7a\x19\xda\x33\xbf\x1d\xad\x1e\xc9\x0a\xbd\xd4\x38\xc7\xc4\x37\x58\x1e\x23\x7b\x88\xc7\x18\xc1\x7f\x2f\x3b\xc4\x41\x30\x1a\x09\x7b\x33\x19\x51\x46\x77\xa7\x90\xee\x5c\xd4\x92\x28\xd5\x67\x2e\x97\x99\xf3\x43\xa7\x40\x22\xd2\x73\x2f\xee\x7f\x9f\xeb\xed\x64\x68\xbd\x10\x38\x0e\xd7\x3f\x4c\x92\x75\x83\x43\xf4\xc2\x06\xa0\x9d\xa7\x84\xfa\xe0\x36\xcf\x31\x12\xb5\x7d\xad\x6a\xfd\xe1\x4d\xa9\x11\xcc\x74\x0b\x34\xab\x67\xe8\x0c\x9e\x75\x0c\xdf\xc9\xde\x78\x66\x2a\xbd\xc8\x50\x7d\x30\x73\xc4\x26\x92\x0b\x1d\x0c\xb4\xb4\xfe\xe8\x1c\x62\x6d\x5a\x5f\x5b\xe4\x59\x5a\x69\x85\x2f\xf0\x6a\x45\x91\x86\x03\xde\xf2\xcb\x88\x4f\x09\x02\x2d\xaf\xc5\x3e\xb3\x4c\xe7\xa7\x17\x6a\xc5\xd9\x0d\xd4\x4d\x88\xe0\xb7\x62\x79\xe1\x66\xb7\x9b\x03\x60\xb6\xb1\xe0\x56\xb4\xc6\xfc\x68\xba\x93\x93\x4a\x2f\xbf\x55\x1c\x1f\x56\x2d\x5a\x50\xd2\xeb\x5e\x75\x03\x48\xd2\x1b\x8c\x16\xbc\x37\x57\x9e\x07\x5f\x01\xcd\x2b\xed\x32\xb8\xff\xd1\x4f\x37\x69\xbc\x03\xd1\xae\x39\xab\x43\x17\xbd\x40\x78\xd0\x44\x13\xd0\xdb\x21\x55\x3b\xd6\xb8\xfd\xec\x46\xe4\xf1\xb4\x02\x40\xee\x98\x5e\x17\xb7\x50\xc0\xe7\xdb\xb8\x5b\x8f\x35\x94\x6f\x48\x15\xd5\x15\x4b\x4e\x56\x54\x9a\x3f\xbb\xec\x13\x53\x19\x4f\x01\x7c\x4a\x64\x79\xc9\xf2\xbc\xa1\x20\x48\xd5\xc8\xe6\x8f\x09\xe8\xaf\x70\xdc\x63\x15\x8a\x4c\xbc\x51\xec\x28\x20\x7a\x61\xaa\x2e\x63\x49\x58\x2b\x6e\xdf\xe3\xe1\xd8\xa5\x9e\xa8\x75\x52\xda\x38\x56\xf3\x0c\x1a\x8c\xf3\xfe\xc4\xb6\x07\x39\x32\x95\x61\x75\xa7\x3e\xab\x7b\x6c\x75\x20\xd3\x50\xd3\x12\x1c\x12\x33\x12\xf3\xd0\x99\xde\x66\x0d\x4d\xee\x6f\x15\x15\xf9\x71\x3d\x47\x19\xf3\x5b\x1e\x82\xcb\x74\xb5\xe0\x53\x8e\x5e\x5b\x0a\x33\xcd\x90\xd2\xa9\x86\x0b\x2b\x61\xff\x6c\x90\x93\xdd\xff\x7a\x99\x44\xf2\x2b\x32\xdc\x0d\x6e\xe9\x9f\x91\xf2\xcf\xdb\x24\x12\x86\xc2\xdc\xfd\x9c\x0f\xfa\x88\xcf\xfb\xc8\x10\x0a\x60\x65\x47\x1e\xd1\x68\x31\x7d\xd6\xa0\x9c\xb3\xf0\x70\xe6\x54\x06\x0b\x11\x97\x2b\x3b\x0b\xc8\x51\x4b\x43\x9d\x0a\x8c\x56\x91\x4e\x39\xe9\xa8\xdb\xe9\x32\xfb\x98\xf8\x45\xa7\x42\xaa\x5a\x3a\xf4\x10\x89\x3a\x76\xee\xff\x02\xde\x1e\x1c\x66\x1e\x40\x73\x69\x23\x8c\x6f\x32\xb5\xce\x02\x6c\xe6\x4d\xd6\x09\xd0\x98\x68\x7f\xd5\x24\xce\x3c\x36\xe4\xf4\xf5\xb2\x23\xee\x72\x31\x1b\x61\xe9\x9b\xda\xb8\xf2\x7c\x79\xbd\xba\xdd\x56\xe5\x2b\x28\xc0\x19\x92\xe3\xe0\x53\xce\xb6\x1d\xc7\x83\xb2\xa7\x83\x8d\x13\x89\x3e\xc6\x6d\x2f\x00\xb9\xef\x40\x49\x99\xba\x21\xdc\xbb\x9e\xab\x58\x4e\x46\x40\x31\xaf\x33\x1a\x75\x6b\x29\xe0\xc4\xd8\x92\x46\x3a\xd6\x41\xce\x82\x4a\x81\x27\x37\x59\x4a\xff\x11\x97\xd3\x89\x9e\xce\xc6\xeb\xec\xba\x3a\xe2\x7f\xf3\xe5\xba\xac\xd6\xe9\x27\xe7\x9f\x1c\x71\x8a\x33\xfe\x25\x39\xcf\xf0\xf3\x8c\x0e\x32\x6f\x18\xf2\xba\x27\x21\x1c\xce\x6e\x38\x77\x6b\x0d\x08\x9c\xb6\xe3\xdd\x7a\xb6\x85\x24\xce\x41\xbc\x1a\x33\xc7\x34\xef\x26\xb3\x1d\x8c\x15\x77\x03\x18\xde\xc5\x9e\xf3\x5b\x41\xd3\x7f\x4d\xa7\xcc\x6c\x71\xa6\xde\x8a\x87\x9b\x89\x51\xf9\xb5\x13\x75\xff\xd9\x8d\xe2\xce\xe0\x78\xf5\x2e\x1e\x66\xa7\xbf\xff\xc7\xa8\xfb\x88\xce\xe7\x19\x51\x95\xbb\xac\x2d\x5e\xb4\x96\xa5\xc5\x8f\xc6\xe8\x2d\x57\xb0\xaf\xd6\x13\xb9\x04\x45\x68\x3e\xc3\x89\xcc\x95\xe0\xc6\x65\x07\x1f\x79\xcb\xec\x5d\x76\x48\xff\xc5\x46\x13\x3b\x77\x50\xb9\xdd\xb1\x42\x09\x88\x1b\x93\x94\x57\xb6\x01\x69\x63\x0d\x5b\x07\xc9\x11\x0b\x8e\x97\x41\x91\x08\x73\x3b\x61\xae\xf5\xb0\xda\x8c\xa3\x59\x16\xf2\x29\xc9\x6f\x40\xe3\xa9\xdd\xda\x89\x2c\xdd\x66\x26\x8b\x16\xaf\xdd\x69\x8f\x57\x00\x6d\x86\x69\xef\x7a\xb6\xf8\x89\x2f\x00\x4d\x7d\x9d\xbd\x93\x0b\x77\xdf\xbb\x6b\xde\x4b\x27\x0a\xed\xbe\xd3\x25\xe5\x5e\xe9\xbf\x53\x29\xef\x2d\x80\x65\x58\xf1\x7e\x32\x98\x74\xa3\x28\x99\x34\x53\xbb\x6a\xfc\xb9\x56\x54\xba\xa3\xcc\x24\x9b\xf3\x81\xa5\x50\xd4\x66\x76\x48\xf3\xf8\x80\x41\x77\xbf\xaf\x07\xec\xb3\x2a\x22\x9d\xb7\x38\xcb\xb6\x47\xe7\xd3\xd8\xb4\x3f\x60\x98\x1b\x19\x75\xe4\xde\xe0\x1f\x3d\xa0\x74\xc0\xd2\x42\xe2\xe7\x7c\xb6\x4a\x23\xbd\x5f\x4e\xe1\x08\x08\xf5\x51\x10\xe7\xde\xfe\x0a\x42\xe4\x19\x61\x82\xd9\x06\x5e\x72\x61\x3d\x8c\x3e\xd4\xf6\xae\xaa\xf4\x6d\x22\x39\x50\x34\xa5\x91\xec\xfb\xe4\xbc\xcf\xf3\x44\x7f\x65\xcf\xd3\x8f\xed\x72\x45\xff\xce\xab\xf1\x36\x39\xfd\x0b\xfd\x6f\xf5\xae\x2f\x9b\xf1\x14\x4f\x2e\xe8\x72\xa5\x73\x34\x26\x59\xbe\x59\xce\x69\xf9\x47\xaa\x0a\x44\xeb\xb1\x87\xb3\x39\xe9\xb8\x31\xb0\x5f\x3f\xbd\xab\xf2\xab\x19\x37\xfa\x74\x33\xfb\x1d\x99\x67\xa4\x41\xb8\xd3\x3f\xbd\x5e\xfe\x7e\xe0\x51\xfb\x5d\x43\x52\x73\xe0\xf2\x06\xad\xfd\x8f\xbe\xfe\xa3\xfb\xcb\xcd\xcf\x4a\x00\x46\xf3\x6f\xe9\xfd\x67\xed\x9d\xf2\xb5\x85\x34\xf8\x65\x4d\x59\xd6\x17\x60\xe1\x16\x3a\x30\x16\x3a\x40\xcc\x7a\x74\xf1\x1f\xbc\x51\x7b\x80\x8a\x29\xd2\x88\xbe\x84\x59\x9a\xe8\x6d\x52\x06\x12\x61\x15\xef\x9b\x95\x79\xce\x73\x57\xea\x7e\x35\x7b\x57\xcd\x4d\x8e\xcc\x96\x1d\x31\x01\xbd\xdd\x2b\x1a\x94\x57\x3c\x4a\x3f\x54\xf3\xd9\x01\x08\x75\xeb\xa0\x81\x77\x0a\x48\x05\x52\xf4\x25\x0f\x1f\x43\x6b\xd4\xa5\x83\x9c\xdd\x87\x3e\x02\xb7\xc2\xd2\xb5\xda\xc4\x7f\xcc\x42\xf0\x16\x74\x63\x25\xf8\xcf\x0e\xdc\x6e\x5b\x0b\xb4\x9e\xed\x7a\x37\xb3\x7f\x1e\x29\xd3\xba\x6b\xd7\xe3\xd4\xdc\x13\xf2\x85\xa4\xd0\xe3\xf0\x0e\xad\x9a\xe6\x52\xa0\x53\xf0\x98\xc1\xd9\xbe\x9e\x2f\x33\x98\x59\x1a\x4b\xa2\x90\x25\xe1\x7f\x2b\x6e\x4c\x3f\x7d\x2b\xd4\x10\xd0\x5c\x02\x9e\x87\xc3\xcd\x36\x77\xd9\xaa\x81\xb9\xaa\x1d\x66\x39\x12\x47\x5b\xd5\xc6\x02\xf0\x38\x01\x00\xa1\x3e\x66\x10\x15\xed\x7e\xa6\x39\x70\x0b\x11\x02\x60\x00\x11\x04\xa6\xc9\x7f\xdb\x2b\x8d\x8a\x2c\x5b\x22\xf0\x7c\xbf\xe3\x84\xee\x80\xc3\xd8\xb1\xc1\x97\x4e\xe3\xd3\x62\x58\x65\xa3\xb8\x07\x6f\x81\xcf\x0f\x9c\xd9\xbd\xc7\xb1\x39\xaa\xbf\xa8\x17\x01\xce\x4b\x9c\xea\x92\xba\xd0\x73\x62\xd9\xec\xb6\x8c\xdc\xbe\x7c\x3b\xdb\xcc\xf2\xd9\x7c\xb6\x7d\x9f\x44\xd3\x59\x59\x56\x8b\x48\x99\x69\x8f\x78\xde\x89\x43\xfd\x92\x5e\xa6\x43\x81\xf8\xd8\x57\xab\xac\xc0\x8c\xf3\x64\xd2\x4a\xf9\x49\x28\x5d\xf4\xd9\xf9\x39\x95\xfb\x2a\x4b\x87\xd1\x4f\xbc\x0a\xe9\xb3\xdf\xd1\x7f\x2f\x97\xbf\xd3\xbf\xd7\x9b\x68\xe4\xa8\xd8\xd7\xfa\x38\x82\x06\x59\xdc\x55\x0c\x77\xa1\x41\xab\x72\x4e\xef\xbb\xfc\x91\x96\x85\xd6\x0e\x74\x4d\x54\x0e\xb2\x29\xa4\x39\x1d\x23\x5f\x65\xa1\x6b\x7e\x25\x21\xf9\x39\x3d\x18\x56\xa3\x6e\xa1\xea\x55\x1b\x77\x1d\x77\x2c\xfe\x35\xe4\x27\xd2\xcf\xb5\x9e\x22\x77\x29\x11\x07\x9c\x8b\x9c\xce\xd9\xce\xb9\x2a\x87\x17\xa3\xd3\x4e\xc1\x21\x13\xdd\x4e\x29\xc1\xfd\xb4\x80\xe3\x24\x77\x75\x7e\x93\xf9\xce\x62\x86\x6f\x1f\xa7\x05\x47\xb6\x0e\xf4\x51\x11\x25\xe6\xa8\x89\xe2\xc1\x67\x49\x24\x09\x71\x19\xb6\xe9\x82\x61\xc2\xcf\xfb\x9f\x3d\x1b\xf7\xc7\xdd\xf4\x49\x1c\xc9\x2a\xd7\xb6\xc7\xce\xa4\x6b\xa1\x76\x8a\xee\x0f\x1c\xa2\x7f\xce\xa9\x58\xca\x41\xc7\x56\x6a\xca\x9e\x3a\x58\x1e\xbd\x55\xa3\xe0\x1d\x53\xf7\x71\xb3\xbc\x6e\x28\x17\x07\x96\x3a\x67\xec\x95\xd7\xe2\xc4\x6f\x45\x5b\xcd\xee\xe6\x71\xa3\xd5\x0f\xd6\x6c\xad\x78\x6e\x44\xbf\xad\xcd\x12\x4a\xa6\xfe\x88\x65\x3d\x89\x1e\xe2\x9a\x12\x73\xf5\x0d\x2f\x4c\x62\x2b\xee\xb4\x69\x31\x72\x67\x5c\x80\x57\x64\xc9\x7b\x04\xf9\x7c\xcc\x0c\xc7\xf9\x33\x80\xb9\x0b\x51\xd7\xb9\xdf\x52\xcd\x7d\x02\x8a\xe3\xfc\x99\xf7\x94\xad\x25\x66\x8b\x83\xa3\x7c\xeb\x8c\x71\x66\xa7\xf7\x4b\x24\x19\xe8\x5c\xf5\x1a\x67\x09\xc2\x72\x2b\x56\x3b\xba\x0a\xaa\xd4\x23\x7f\x30\xcc\x9d\x5b\x70\xc1\xae\x59\x5f\xe0\x46\xdb\x56\x13\xd4\x2d\x71\x17\xcb\xd2\x8d\xe0\xdf\xea\x9e\x10\xda\x48\xc4\x29\xd8\xce\x99\x81\xd6\x5b\x69\xaa\xb3\xcd\x94\x6c\x20\x82\x0b\x9a\x16\xc6\x00\x55\xa5\xa1\x6c\x4a\x15\x2d\xe7\xa5\x15\xb2\x18\x1f\x55\x88\xba\xbe\xa7\xf2\x01\x97\xa7\xdd\x61\xe5\x26\x6a\x6e\xad\x54\x6a\xf3\x29\xd7\x1e\x9c\x9c\xbc\x92\x28\x62\xfd\x4d\xeb\xd4\xe9\x7f\x56\x21\x22\xd9\x1a\xeb\xe3\x58\xb0\x5e\x5f\x31\x6e\xa8\x41\xa4\xa2\x75\x57\xc1\x87\x63\xd3\x68\xb4\xaa\x06\x85\x16\x19\x4b\x4f\x5e\x8c\x75\xb2\xd4\x09\xc7\x38\x1e\x18\x09\xa0\xeb\x9a\x6e\x35\x5a\x1e\xb5\xdc\x6d\xe9\x7a\x3e\xd0\xe3\x43\x33\xc7\x75\xc5\x61\x7a\x32\x63\xfb\xdf\x6c\x74\x30\xd3\x12\x54\x97\x28\xf4\x7d\x13\x55\x98\x8d\xe9\xda\x7d\x81\x97\x68\xa4\x0b\x5b\xf9\x57\xc3\x9f\x46\x17\x51\x02\x27\xe4\xbd\xa2\x7a\xff\x71\x7b\x9d\xd3\x09\x7e\x5f\xd0\x29\x70\xbd\xe0\x38\x53\x04\x7f\x8c\x67\xf3\xf9\x77\xfa\x5b\xb8\x9c\x57\xef\xfe\xba\x5e\xde\x99\xdf\xaf\xa6\xeb\xd9\xe2\x8a\xaf\x1c\xe9\xa7\xab\xf9\x6c\x51\x7d\x63\xaf\x96\xae\x02\xe1\x13\xf8\xc7\x6a\x9a\x2d\x38\x7f\x23\xed\xdc\xe5\x1d\xff\xfa\xfd\x5b\xce\x84\x87\x5f\xcb\xe5\x35\x47\x30\x51\xd3\xbe\xe7\xc0\xc1\xfb\x68\x8c\xe5\x8f\xa5\xbd\xd9\xf0\x4e\x88\xe0\x45\xff\x7e\xde\xe6\xe4\x29\xde\x9a\x9f\xd6\xfc\x17\xfe\xab\x76\x9d\x19\x29\xc2\xb3\xe2\xd7\xe1\x81\x67\x75\x61\x32\x17\x42\xc1\x8d\x1a\x4e\x47\x8c\xbd\xef\x5d\xa7\x74\x96\x41\x2d\x05\x02\xc3\x0f\x24\x68\x2d\xe7\x24\x58\xf6\x72\x3a\x52\x1e\xfa\x32\x51\x82\x88\xe6\x11\xb8\x59\x13\x0f\xf1\x92\xd6\xef\x44\x43\x14\x12\x1d\x2a\x63\x64\x8c\x98\x01\xe4\xa1\x33\xb6\x08\xb8\x1e\x28\x2e\x90\x55\xe9\x95\x2f\xf4\x99\x55\xc4\xe2\xb0\xd9\xa9\x60\x89\xbf\x88\x1f\x57\x74\x3e\x75\x3d\x3a\x62\xe8\x1d\xe4\xd6\x71\x1a\x2d\x78\x01\x00\xdb\x9f\x2d\x21\x50\x6c\xe8\x43\xc3\x3c\x3a\xe6\x28\x40\x7e\x4d\x56\x8b\x74\xbf\xe8\xa6\x7c\xe8\x35\xc5\x27\xac\x67\xd9\xeb\xe7\xec\xa3\x66\x01\x3a\x9c\xf8\x14\x31\x5e\x15\x5c\xcd\xa9\xf7\xd3\x6a\x3d\x63\x07\x0d\xa8\x75\x6b\xe3\x91\xb2\x95\x7a\xa2\x91\x78\x31\xc9\xf6\xcd\xc2\xca\xba\xb1\xac\xe5\x43\x81\x4f\xad\x33\xfc\x07\xe6\x55\xaf\x84\x8f\x99\xdd\x70\x4a\xfd\x99\x3c\x57\xae\xbd\x16\x29\x53\x1f\x25\x40\x46\xa2\xfd\xbf\xbe\xce\xe6\x1a\x45\x93\x79\x96\x2f\x33\x2e\xf4\x25\xe7\xae\x11\x12\x49\x63\x5a\x10\x51\x0d\xcf\x05\x71\xc8\x3d\x17\xbf\x1c\x9a\x22\x1a\xce\x82\xa4\xc5\x01\xcd\xda\x79\x52\xc5\x49\xe5\x69\x33\x87\x91\x88\xa4\xc4\x8b\xc9\xc9\x39\x6a\x68\x1d\xbd\xee\xa5\x75\x3a\xe3\xbb\x52\x17\x83\xdf\xf5\x01\xd7\x84\xfc\xa3\x35\x28\xc1\x4d\xde\x89\x3c\x10\x6e\x9b\xca\x3d\xf7\x32\x85\xdb\xea\xbe\x35\x63\xb1\x8f\x13\xfb\xdb\x06\xe2\x6d\x5a\xda\x21\x51\x6d\xe5\xc9\x09\x9f\xec\x66\x42\x99\x99\xa3\xe7\x03\x7d\x42\x96\xea\xe3\x0e\x7c\x04\xaa\xc5\xc9\xb9\x09\x00\x30\xa3\x10\xc8\x31\xef\xe1\xdc\xd1\x22\xd2\xa9\x56\x23\x5f\xee\x7a\x7c\x6f\x39\xe9\xd9\x02\x44\xf2\xd4\x30\xd4\xef\x32\x35\xcc\x0c\xfb\x25\xc8\x8b\x23\x0f\x40\xcd\xc6\xdd\x88\xc4\x45\xf2\xb2\x91\xb4\xe8\xa7\x96\xbe\x34\xe7\xd4\x54\x1f\xdb\x89\xcc\xba\x98\x4a\xf1\x91\x48\x7c\xd3\x87\x61\x04\xc4\xc9\xea\x7e\x0f\x82\xd0\x40\xdb\x1e\x14\x5e\x98\x75\x82\x40\xd7\xcf\xb4\x13\x56\x45\x35\xff\x30\x2c\x47\xa8\x1e\x7e\x1e\xbb\x1d\xfd\x7b\xfa\x84\xff\x9e\x7b\xe2\xcd\x5e\xdd\x66\x2e\xc1\x6b\xa7\xd6\x32\xec\xed\xf4\xaf\xf0\x78\x08\x1d\x37\xea\x3b\xfa\xb0\x5d\xb3\xa6\x0b\x44\x47\x70\x74\x6b\x34\x7f\x83\x11\x6f\xc0\x0b\x84\x0f\xac\x1c\x94\x57\xa5\x8f\xf8\xf1\x30\xa7\xd3\x78\x64\x17\x08\xae\x84\x04\x3b\x38\xff\xc0\x45\x84\xd1\xee\x3d\x4d\xa0\x62\x83\x83\x21\xaf\x7b\x18\x68\x5b\x20\x8a\x11\x05\x36\xa5\xb3\xb4\xb9\x05\xfe\xa6\x9d\x16\xd8\xb6\x46\x32\x58\x9b\x82\x41\x97\x81\xdb\xfb\x72\x32\x99\xb7\x41\xa2\xd2\xc2\x5e\xc2\x46\xe8\x43\x4e\x6b\xd0\x69\x7c\x58\x27\x94\xea\xe1\x03\xe6\x77\xdd\x9b\xe5\x95\x7c\x64\x20\xb9\xb3\x63\xf3\x9e\xb9\x94\x57\xf7\x61\xee\x97\xbf\x07\x12\x8f\xd1\x87\x00\x69\x3e\x73\xe1\x83\x9c\x07\xdd\x2b\x47\x5c\xce\xeb\xbb\xaa\x5a\xa4\x7f\xcf\x94\x5f\x2e\xbd\xf7\xd2\x8d\x27\xf4\x10\xef\xb5\xc4\xe1\x20\x15\x95\xf4\x60\x5e\x5d\x9b\xa0\x4c\x44\x71\xa7\x85\x89\x4c\xd8\xd0\x72\x06\x17\x1f\x6d\xee\x78\xaf\x4b\x48\x04\x3b\x65\x6f\xd2\xdc\xc4\xbc\x65\xeb\xad\xf1\x24\xb9\xd3\xc9\x08\x38\x3a\x59\x2a\x59\x94\x69\x29\x3f\x6f\x39\x8f\xbb\x59\xc5\xfa\x40\x2c\x46\x03\xb0\x70\x38\x0e\xe9\x24\xba\x5d\x37\x0d\xc0\xd2\xb7\x95\xac\x7a\xdb\x48\x17\x33\x0e\xae\x84\x68\xad\xb8\xc5\x6a\x7f\x23\xff\x1d\x07\xd2\x63\x9f\xef\xd5\xfa\xb6\x25\x49\x15\x9d\x06\x1f\xf8\x98\x3f\x00\xbd\xf2\x76\xcd\x61\x7e\x3a\x34\x7e\x49\x43\x02\xa7\x31\x1e\xb5\xa1\x37\x82\x23\xe3\x44\x52\x7f\xf1\x71\xa6\xce\xd5\x45\xfb\x33\x13\x55\xcf\xb5\x1a\x27\x14\x1a\xdf\x8e\x19\xd5\x53\x37\xfa\xf1\xe3\xbc\xeb\xae\xc2\xfa\x36\xdb\x6a\xa5\x6d\xf2\xfe\x2d\x67\x9b\x14\x90\x17\x53\xbf\xc9\x77\x0d\xd7\x39\x22\x2e\x83\xc2\x02\x88\x1f\x1a\x54\xfb\x5c\x12\x3c\xed\x55\x63\xcd\x7a\x4b\xd3\x7f\xa6\xfc\xfa\xd2\x7b\x1b\x37\x50\x3b\x38\xf5\xdc\xd4\xa1\x27\xd0\xea\xa1\x54\xc0\x9e\xf8\xb8\x36\x02\x86\xce\xd5\xe6\xdd\x33\x25\x81\x30\xae\xc9\x8c\xf4\x5b\xee\xc3\x8a\x89\xb0\xe0\x28\xbb\xdd\x2e\xc1\x80\xe5\x83\x9c\xce\xb3\x24\xfc\x4c\xfd\x28\x65\x3b\xe3\x3b\x1e\x4e\x5b\x7f\xe3\x0e\xe7\x8a\x0f\x5a\xd7\x69\x69\x9e\xc7\x38\xe9\xf7\x42\xfe\x48\xdf\x8c\x1d\xc9\x0c\x9a\x0f\x16\xfd\xae\xcb\x39\x40\xb7\xf5\x56\x33\xff\x7e\xb7\xb7\x13\xa3\xe7\xcf\x42\x5c\xa4\x2d\xb7\x01\x98\xc1\x91\x8c\x21\x36\x94\xb4\xd8\x97\x06\xf8\x46\xe0\x93\xd4\xf6\x71\x13\x06\xcb\xe4\xe4\x1e\x87\x78\xb6\x6e\xcd\xd5\x49\x23\x7c\x17\x66\x7d\x37\xcf\x7a\x7f\x3e\x65\x35\x52\xb1\xa4\xa9\x7b\xcc\x3f\xbf\xff\x36\x3e\x7b\xc2\x35\x8f\xdf\xa5\x8d\x45\xa7\xec\x4c\x40\x0f\xc9\x39\x3c\x32\xf5\x32\x53\xff\xc8\x04\x2f\x57\x8e\x80\x1d\xa8\xf3\x0e\x34\x99\x73\x76\xd4\x95\x80\x83\x44\xeb\x01\x77\xb1\xd1\x19\x8a\x89\xcf\x29\x0e\xbf\xa7\xfa\x1c\xf8\x34\x55\xf2\xcf\x2c\x1d\xfe\x77\x36\x52\x3f\x64\xe9\x7d\xf4\x38\x4a\x86\x87\x82\xaa\x8c\x9f\x2d\x68\xb8\xc3\x96\x17\xd2\x59\xa5\xdf\x59\x45\x1a\x9d\xca\x70\xc9\x18\x7e\x3a\xaa\x91\xce\xcc\x91\x4e\xb8\x21\x87\x8f\x44\xaf\x76\xcc\x32\x4e\x17\xba\x00\x53\xa1\x2c\xff\x42\xaf\x1f\xf8\x6d\xa7\x17\x24\xb3\x3d\xe1\x43\x1f\x69\x1c\xe9\x43\x78\x4d\x7b\x41\xe3\x92\x9a\x53\x31\x78\xd7\x24\xed\xc2\xc9\xbd\x5f\x2e\x8f\xa6\xe9\x94\x3e\xd1\xfb\x73\xa4\x26\x67\xe9\x54\x99\x75\x69\xea\x55\x93\xee\x38\xd6\x6a\xc5\x29\x24\xb3\xa9\xe9\xdb\x59\xa9\x13\x8b\x4f\x91\x6e\x6d\xe6\x92\x3e\x68\x3b\xa3\x9c\x27\xdd\xc9\x6e\x87\x6f\x11\xef\xaf\xcf\x0d\x80\x78\xd3\x59\x02\xd9\x6c\x30\xe9\x06\x32\x5a\xd2\xc5\xbf\x30\x1a\x8c\x3c\x53\xe7\xab\xcc\x1d\xfd\x5e\xb2\x32\xef\x7c\x79\x61\x30\xc6\x89\x7f\x7a\x01\xe4\x33\x0e\xf2\x77\x4a\x9f\xd7\x61\x60\x8a\x70\x7a\xda\x2e\x95\x89\x72\x3b\x17\x75\xa3\xe6\xeb\xd2\x27\xa7\x79\x5c\xa4\x60\xec\x54\x35\x34\x9a\xc1\x6e\x31\xa2\x66\x3b\x1d\x1f\x5d\x66\x5e\x4e\x74\x38\x43\x8b\xb8\x9f\x1a\xa5\x3e\x98\x2c\xd7\x8c\x1f\xad\xf6\xce\x32\x9d\x40\xf6\xfa\x21\x63\x29\x6a\x38\x8a\x0d\x20\x0b\xdd\xa1\x15\x37\x8a\x39\x63\xad\xf3\x6c\xe8\x4f\x58\x0f\xda\x95\x84\x32\xd0\xa1\x0b\xf5\x2f\xc0\x63\x59\x05\x9b\xa7\xd4\xfd\xef\x76\x23\xb1\x41\x86\x15\x87\xa3\xeb\x94\x61\x56\x8d\x84\xb7\x0a\xf4\x04\xaf\xc0\x27\xde\xd8\xc4\x0d\xd1\xf8\x1d\x36\x1a\x83\x84\xf3\x66\xa1\x95\x3c\x6d\x64\x4c\xe0\xb4\x0f\x4a\x08\xfc\x94\x66\x9d\x1f\x96\xec\xad\x62\x2e\x38\x8b\xdb\xd4\xcb\x65\xa0\xfc\x0b\x1f\x72\xde\xbd\xb3\xdb\xcd\xc0\x70\x29\x77\xa7\xdb\x05\x1c\x2f\xe7\x5f\xf5\x97\x43\xdb\x3d\xf7\xd2\xe9\xa9\x72\x89\x20\xb8\xa9\xd6\x31\x6c\x1a\x26\x57\xe0\xac\x6c\x0d\x3f\x48\x23\x3d\xc2\x9c\x41\x3b\x47\x44\x48\xb6\x6d\x40\xe9\xd0\x43\x70\xff\x78\x4e\x07\xfc\x70\x69\x7f\x2b\xf7\xf3\x67\xef\xf7\x2f\x88\x03\x68\x0a\x8e\xea\x2a\xb5\x7a\xbb\xcb\x81\x1d\x7a\x5f\xd1\xb8\xdb\xc1\x63\xc3\xe9\xfc\x92\x4b\xa5\xa5\x2a\xbc\x74\x65\xd4\x72\xbe\xa4\x27\x2a\x24\xb4\x71\xe9\xd4\x8e\x81\x24\xc6\x3e\xa5\xa6\x6d\x5c\xce\xf6\xc5\x5a\x43\xda\x86\xd6\x2b\xe7\xde\x87\xf7\x89\xd7\x6b\xff\xc9\x85\xff\xe4\x17\xff\xc9\x93\xd1\x5e\xab\x1d\x75\x32\x31\x56\x36\x23\x99\x18\x91\x7b\x13\x9b\xc1\x2a\x2e\x6d\x97\xe7\x47\x4c\xde\x22\x39\x07\x58\x77\xa0\xa0\x44\xee\xac\x06\x68\x75\x45\x84\x55\x96\x2c\xbf\x27\xbf\x25\x3f\xe9\xf1\x8d\x87\x41\x72\x83\x20\x1a\x68\x8e\x67\x8b\xdb\xaa\xbf\x42\x7e\xf4\x6b\x64\x32\xbb\x39\x39\xb9\x61\xb1\xce\xc9\x38\xa5\x46\xba\xbd\x34\x99\x90\x5a\x52\xa6\x5d\xc7\xb1\x37\x21\x1d\x6f\x3e\xeb\x13\x17\xce\xc8\xa5\xc4\xb1\xdc\xdf\x0c\xcc\x90\xd3\x38\xc0\x1f\x6f\x95\xde\xf4\xe4\x4e\x9c\xdc\xf8\x69\x52\xcc\x96\x54\x40\x79\x1a\x33\x90\xac\x94\x4b\x8f\x57\xb1\x5a\x0d\x70\xf6\x1a\xd9\x65\x2e\x39\x3c\xfd\xa0\x62\x3c\x35\xa2\x8c\x6a\x3e\x17\x96\xcd\xc7\xe0\xb5\x14\x80\xa9\x26\xa6\xe9\x3a\xf6\xe5\xbf\x6b\x68\x6a\xf6\xde\x2c\x5e\xc7\x93\x94\x28\xdf\x6a\x80\x71\x4c\xce\x49\x62\x99\xd3\x09\x89\x27\x37\x70\x1f\xc2\x20\x4f\x34\xc3\xbb\xc2\xd1\xc1\xa7\x83\xb9\xa3\xff\x7a\x36\x0e\x22\x03\x66\x07\x72\x92\x60\x22\xda\x41\xe4\xdd\x4f\x6d\x41\x88\xdc\x9a\x42\x8c\x60\x4c\x3c\x7d\x45\x58\xc1\x92\xb0\xac\x24\x8e\x7d\x74\x12\xf3\x58\x2c\x1a\x48\xea\xab\x1f\xa6\x10\xeb\x69\xa3\xe8\xdc\x90\x19\x9a\x3f\x36\x30\xc8\x28\x50\xd3\x8f\x95\xa2\x10\x13\xc5\x03\xeb\xc4\x70\x1e\x4f\x74\xb4\x06\xc2\x60\xec\xbb\xe5\xc8\x35\x73\x1c\x4b\x6b\x01\xa0\x65\xc0\xb5\x14\x27\xee\xaf\xf4\xea\x43\x83\x53\xef\x70\xf9\xb9\x49\xeb\xf9\xf0\xf8\x67\xe6\x32\x79\xf8\xd9\x3e\x5a\x36\xb2\x01\x73\xe6\xa3\x7f\x0f\x05\xb0\xf7\x10\x5b\x31\x36\x39\x04\xfa\x36\xca\x26\x7d\x41\x6d\xc4\x09\x4d\x32\x97\x67\x1f\xbc\x94\x79\xc3\x59\xdd\xbd\xb4\xb2\xd0\xa9\xf0\x46\x67\xee\x0e\x18\x83\x71\x7a\x71\x5a\xb2\xf5\x65\x96\x5e\xf6\xb6\x60\xa3\x9c\x23\xb6\xd6\x4b\x98\xfb\x48\xfb\x4f\x22\x1f\x1c\x41\x0c\x92\xa1\x9f\xce\x37\x53\xc3\x4b\x9a\x6f\xcc\xc2\xc5\x33\xda\x0c\xb3\x41\x91\xd0\xa9\xe3\xe7\x2b\x41\x91\x51\x2c\xa0\x48\x97\x74\x04\x99\xac\x21\x02\x7f\x98\x69\x88\x43\x3f\xc8\x93\x1a\x4d\x12\x97\x77\xef\xf8\x5c\xdd\xeb\x60\xa2\xaf\x98\x17\x06\x34\x14\x10\x6a\x0d\x54\x8d\xcb\x01\x99\xe4\xf6\xe6\x77\x22\xb5\x25\x85\xb2\x43\x93\xd8\xc1\x33\xe3\x91\x14\x76\x68\x94\xf4\x38\x01\xd0\xa4\x63\x30\x03\xbc\x6b\x63\x06\xd4\x0a\x04\xea\xdb\x25\x84\xc3\x0d\x6b\x06\xe4\x67\x2f\x68\x28\x33\x1a\xfa\x81\xb0\xf1\x76\x1c\xed\xc8\x73\xa0\x15\x3c\x6d\x05\xa9\x27\xf1\x3d\xdf\x5c\xec\x70\x3e\xa8\x4d\x55\xc2\x74\xb0\x0a\x60\x32\x38\x16\x17\xe9\x57\x8d\xa3\xba\x9d\xc6\x42\xa6\xf1\xc2\x0b\x6a\x6e\x4e\x93\x22\x4a\x92\x4c\x75\xe2\xe3\xe0\xae\x32\x0e\xaa\x57\xb4\x62\x78\xc6\xf8\x5b\xb4\xf7\xaf\x5a\xfb\x1d\x87\xac\xd3\x3f\x33\xcb\x3b\x5d\x12\x8b\x6b\xde\x71\x2c\x94\xcb\xb9\x0e\xff\xdd\x2b\xf5\x23\x23\xcc\x06\xbe\xd8\xe6\x33\x2c\xb7\x9f\x9c\xf8\x97\x06\x4a\x9d\x5f\x21\xe1\x05\xf8\x53\xeb\x8e\x5d\x3e\x33\x65\xd6\x5a\xb6\x98\x5d\xd3\xd1\x2d\xf9\x81\x74\x0d\x7c\x01\xc6\xe3\xd2\x65\x7a\xd6\x8f\xcc\xb5\x4e\xc5\xac\xef\xe2\xb7\xe9\xb4\x49\xf2\xab\x93\x46\xeb\xbb\xf8\x6d\xf7\xbb\xbe\x27\x57\xd0\x3d\x7d\x4e\x8d\xe0\x05\xe7\x22\x9b\x7f\xce\xd4\x3d\x4f\x54\x03\x4a\x22\x4c\xe8\x1d\x0f\x74\x86\x1f\x61\x57\x13\x04\x2d\x38\x3d\x69\xdf\xf7\xd4\x3d\x67\xe0\xa1\x5a\x04\x2b\x62\xef\x4a\x48\x58\x20\x6c\xfc\x2f\x4b\x27\xfc\xcb\xe6\xc8\xca\x25\x96\xaa\x15\xdb\x32\x1f\xfc\x33\xb3\x05\x49\x40\xa7\x2b\x5e\xbe\x99\x4e\x3d\x45\x8b\xa0\x2a\x1b\x08\x6a\xb2\x69\x90\xc4\xa9\x99\x97\xce\xdf\xf8\x54\xe1\xbd\x19\xd1\xa4\x20\x86\xa1\x38\x39\xc9\xc5\xc4\xe0\x8d\x01\x89\xcf\x6e\xfb\x66\x4a\xb6\x55\x22\x45\x73\x0d\x08\xfd\xb5\xdb\x43\x74\xdf\xcb\x32\x6f\x5e\x4c\x79\xa1\x2c\xc7\xe3\xc1\x79\x62\x8c\x4e\xb6\x55\xae\xd8\xc0\xfd\x4c\xdc\x4f\x9c\x14\x22\x25\xa3\xbb\x9b\x81\xf7\x7b\xe8\x4a\x01\x21\xdd\xde\x77\x91\xab\x1a\x4f\xa7\x34\xfc\xbc\xfe\xc1\xe6\x14\x76\xdf\xd4\xd7\xc2\xd4\x97\x3d\x62\x43\x01\x1b\xad\x87\x45\xb9\x9f\x61\x8e\x34\x1f\x19\x1b\xef\xc4\x80\xde\x5c\xce\x4b\xa7\xaf\x42\x65\x5c\x75\x23\x6f\x96\xbe\x8f\xe0\x8a\x7d\xa8\x0f\x1f\x67\xc4\x86\x2f\x3f\x00\x6d\xa3\xa3\xb5\x5e\xc5\xcc\xfa\x5a\x13\xb0\x3a\x37\x7c\x10\x38\x0c\x1c\x80\xbc\xf0\x89\xf2\x1b\x23\x6d\xbe\x57\x62\x56\xd9\x2b\xfd\xec\x01\x1c\xc1\x90\xdf\xcb\x24\x73\x1c\x0f\xae\x64\x22\xa8\x65\x8d\x93\xc3\xf2\x67\xad\xdd\x0e\x57\x19\x1c\x2d\x3a\x95\x81\x58\xe0\x02\xd1\x78\xb6\x98\x6d\xa6\x6c\x45\xca\x19\x8e\x8c\x33\xa4\x5b\x97\x90\x9e\x3c\x4f\x27\x88\x99\x1e\xbb\x29\xbb\xf0\x12\x2b\x4e\xb4\xea\x51\x46\x56\x17\x42\x96\xeb\x1a\x5d\x0f\x76\x45\x33\x52\x4a\xd0\xd2\xfa\x86\x4d\x91\xe4\x74\x39\x71\x4d\xfb\x87\x52\xb6\x09\x5c\x8e\x9f\xfd\x8b\xf6\x02\x67\x67\xbf\xd0\x5a\xcc\x46\xbe\xb2\x76\x18\x1d\x69\x04\x3b\xba\x68\x7d\x1b\xd5\x13\xe4\x09\xe3\x91\x67\x1a\xbb\x61\xcc\x08\xab\x1d\x96\x03\x69\xc2\x21\xb4\xf8\x97\x9b\x4e\xeb\xb0\x33\x91\x70\x3d\x93\xae\x82\xe1\x22\x26\xcd\x82\xdf\x5b\xe7\x15\xf7\x92\x1c\x69\x2e\x16\xff\xf4\xb4\x1f\x8f\xf1\x0a\x48\xba\x06\x97\x16\x7f\x18\x6e\x29\x3f\xe2\xb6\xc2\x00\x0f\x74\x27\xdc\xc0\xea\x92\x49\x2d\xd8\xc3\xef\x02\xbe\x80\x92\xec\xa3\x52\x17\x24\x02\x01\xd5\xe1\xb8\x88\x0f\x64\x94\x93\xb9\x6f\x55\xbc\x1d\x1b\x20\x6f\x93\x6a\xed\xa1\x51\x55\x85\x3f\x5a\xe0\xcc\x86\x66\x64\x23\xe8\x8a\xdc\xa5\x0c\xf4\x28\x1c\xe9\x72\x50\xba\xb3\x9f\x39\x57\xb3\x2a\x39\x5f\x7a\x90\x51\x0f\xd3\x2b\x88\xbc\x3c\xb2\xf2\xd7\x8b\x2e\x42\x30\x46\xee\x86\x35\x97\x61\xcd\x65\x58\x75\x80\x2b\x46\x33\x1f\xd9\xb5\x9e\xb1\x5b\x4c\xee\x8f\x26\x6a\xb1\x23\x99\xf3\x48\x8a\x6e\x07\xe1\x20\x39\x87\x35\x02\xaf\x96\x66\x13\xef\x49\x63\x83\x0b\x8f\x3a\x99\x05\x6f\x3a\x65\xf3\x60\x8a\x09\x59\x8b\x9b\x4a\x04\x4a\x25\xa2\x66\xdd\x90\x6c\x92\x0b\x8e\x17\xf4\x89\xbe\xfe\xeb\x1f\x47\x81\x99\x48\x14\xe2\x34\x6d\x2d\xb6\xab\xa2\xdd\xd9\x5c\x36\xb8\x21\x64\xaf\x39\xb6\x0f\x80\xc4\x62\x57\xf2\x8c\xa7\x9b\x39\xb5\xef\x4b\xe0\xca\x51\x21\x2d\x10\x2b\xbe\xf9\xe3\x8a\x6f\x71\xfb\xf5\xad\xd7\x62\x55\xc3\x6d\xdd\x4d\x1a\x56\xa2\xbc\xdf\x2e\x9c\xf7\x8d\xd4\xb1\xe7\xfb\xdf\xdd\x6e\xbd\x07\x5c\x93\x3c\xd0\x15\xb9\x67\xba\xba\xfd\x87\xe3\x7c\x9a\x64\xdd\xf4\x32\x37\x44\x9a\xbb\x27\xab\x11\xee\x5b\x9a\xd5\x2a\xae\xea\x64\x97\xa3\x5c\x91\x2c\x44\x17\xe6\x35\xe1\xd4\x84\xfd\xfc\x69\x61\xd7\x1d\xad\x90\x2c\x2d\x18\xd3\xb8\xa3\xc3\x22\x64\xe3\x16\x76\x59\x9d\x9e\xd2\xc2\xea\x17\x56\x69\xa4\xf5\xd3\x9c\x2f\xc2\x29\x22\x3d\xce\xaf\x86\x4c\x28\x8d\x30\x7c\x0a\xbe\x63\x8c\x0d\x19\x12\xba\x24\xae\x04\xaa\xd4\x15\x31\x38\xe4\xdb\x6c\x9e\x5e\x7c\xaa\x5c\x69\xbf\xa7\x2f\x41\x5d\x5e\x66\xe9\xa6\xda\x7e\xab\x0b\x77\xec\x90\x84\x95\xc4\xa6\x56\xb4\xda\xaf\x83\x9d\x58\xec\xdb\x2f\xa9\x75\x2f\x25\x4a\xd7\x94\x67\xde\x21\xa5\xd5\xb4\xbc\x4b\xfe\xcf\x39\x89\x6e\xd9\x66\x9b\x3c\xa1\x1f\xd6\xe8\xf3\xd9\xf9\xb9\x3e\xb3\x69\xff\x64\xef\x0f\xe5\x4b\x44\x75\x01\x9f\x02\x45\x77\xc6\x61\xc0\x3a\x67\xab\xf2\x0e\x89\x5c\xb5\x49\x3d\x9e\x2e\x18\xfa\x4f\xe4\x2d\x6c\xeb\x8f\x29\xa3\xe3\xdc\x1b\x66\xc9\x43\x79\x10\xa9\x29\x8d\x47\x82\xe6\xc5\x8e\x7e\xf9\xc3\xee\xea\x62\xa3\x83\x33\x9b\x06\x6b\x72\xe8\xcc\x26\xe3\xe1\x77\x8b\x34\x92\xbc\x02\x6f\x11\x87\x43\xb7\xe9\x25\x81\xf6\xa9\x60\x41\xd8\xe8\x9f\x2a\xb7\x39\x09\x40\x59\xb9\xd8\x97\xf6\x46\x61\x1f\xaa\x07\xfa\xa2\xbf\x91\x46\xdb\xc8\xe0\x70\xea\x84\x8e\x54\x1f\xff\xf8\x6f\xf3\x3c\xb5\x2d\x32\xe9\x0f\x7f\xc9\xd4\xbf\x32\xf5\x88\x53\x8a\x20\x67\x1b\x52\x58\x0b\xd2\x5c\x3f\xe0\xce\x70\xff\x41\x77\x85\x05\xbf\x7a\xd8\x27\xc0\x21\x59\xfd\x81\x6c\xa9\xee\xa5\x43\x29\x8b\x1b\xed\x0a\xb5\x24\x4e\xbb\xdb\x77\xce\x73\x63\xf1\x99\xa3\x3f\x4f\xd8\x88\x12\xe6\x08\x0c\x31\xbd\x68\xc4\x7e\x44\x12\x75\x92\x43\x8d\x0b\x04\x83\x37\x8c\x25\x45\x8c\x85\x09\x42\xfa\x22\xe4\x10\x0c\xe0\x64\x20\xbd\xf3\x80\x5a\x77\xaa\x4e\x90\x1a\x0f\x87\x81\x89\xa6\x1a\xfc\x2b\x4b\x7e\x81\xa9\x07\xc9\xd1\x3d\x2f\xba\xd2\xb9\x5c\x95\xc6\x6a\x0a\x1f\xba\xd2\xe6\x5b\x86\x03\x5d\x07\x6c\x2b\x72\x4a\xf0\xf7\xc4\x52\xa5\x1d\x77\x25\xd8\x89\x3d\xa5\xf4\xdb\x52\xe9\xc6\x56\xea\xbb\xe6\x95\xd6\x15\x4d\x57\x9c\x85\xe9\x3e\x69\x04\xba\x30\xc4\x16\xda\x8b\x27\x98\x23\x6e\xcd\x81\xa9\x0e\xf4\x76\x29\x34\x43\xc8\x48\x65\x33\xd0\xe9\x2c\xdf\xb5\xec\xfa\x3a\xc9\x79\x4a\x9c\x15\xe0\x63\x30\x9e\x98\x89\xaf\x67\xef\x58\x9e\x2c\xd4\x81\xe1\x64\x6c\x17\xd6\xdf\x1d\x5f\x48\x76\x92\x10\x46\x0d\x29\xe1\xed\xc4\x24\x82\x10\x5e\x33\xa5\x6a\x9f\xd3\x63\x7f\x0b\xd1\xa8\xc9\xc6\x92\x5c\xcf\x21\x8a\x9d\xde\x8e\x0e\x17\x8c\xf7\x99\x43\xcd\x6f\x4b\xbc\xaa\x93\x65\x9b\x1d\x2c\xb1\x1b\xec\xa1\xf5\xaf\xac\x6e\xdb\x0d\x12\xdc\x0b\xa2\xe5\xa0\x36\xfa\x05\xec\xca\xc1\x77\x0a\xc5\x11\x92\x16\xe1\xb8\x39\x5e\x92\x1f\x57\xcf\xc3\xd9\x9b\xbb\xee\xd9\x24\x6e\x65\x75\x1e\x65\xda\x21\xd0\x2e\xb3\x3e\xdf\x0a\x45\x70\xe7\x94\x68\x05\x61\x70\xc6\xf2\xb6\x92\x17\x2a\xcb\xef\x17\xfa\x9d\x41\x6d\xe7\x48\xaa\x30\x5d\x3d\xec\x6c\x3a\x24\xf7\x37\x6d\x18\x16\x54\x4a\x21\xa2\x3b\x03\x3a\xb6\x93\xfc\x17\x9c\x57\x37\xa0\x5d\x58\x32\x1f\xa0\x5d\x62\xa1\x7f\x98\x76\x7d\x1f\x56\xf3\x30\xed\xf2\x82\x0b\x87\x6e\xd1\xf2\x49\x38\xaa\xd3\x30\xfd\x14\xbe\xc0\x4b\x38\xb9\x23\x14\xff\x6b\xfa\xa5\xa2\x62\x9e\x6d\x36\xf0\x0d\xc6\x5f\x2c\xb4\x48\xf2\xb4\x3c\x04\x94\xd6\x4e\xf3\x26\x42\xf3\x26\x42\xf3\x26\x86\xe6\x8d\xd3\x0b\x09\x09\x3d\x0e\xa8\x19\x1b\x1b\x72\x6f\xb7\x61\xe6\x73\xce\x29\xed\x3c\x6f\x38\x06\xc0\x39\x8a\x55\x8e\xa6\x54\x3e\x4d\x29\xd3\x2a\xa0\x29\x65\xc2\xd3\x5a\x20\x51\xa8\xa1\x6c\x95\xa3\x6c\x28\xee\x28\x9b\x14\x96\x4e\x9b\xcd\x9a\xe5\xe2\x4f\xdd\xf0\x41\xb1\x5b\x6d\x9a\x6d\xfc\xad\x96\xe5\xec\xa2\x0b\xd3\xda\x6f\xc6\x51\xcf\x99\x69\xe0\x98\x32\x5d\x57\x63\x20\x2f\x9a\xaa\x4f\x2f\xf6\x1a\xc6\xda\x3b\xb6\x99\x7a\x7b\x5e\x18\xe6\x34\x6f\xf7\x85\xe1\xcc\x2b\xc6\xe7\xc2\xb3\x24\xe7\x81\x2b\x86\x7f\x65\x6b\xe4\x36\x30\xf9\x0e\xc5\x12\xdd\x3a\xe4\x6b\xae\xb2\xf2\xbb\xc5\xfc\x3d\x42\x8e\xb2\x77\x2f\x78\xa5\x62\xb9\x54\xf3\xb9\x0e\x5c\xd2\x57\xdf\x6b\x7b\x36\xbd\xb2\xbc\xa3\x47\x0b\xdc\x5f\xce\xf5\xaf\xdb\x4d\xf5\x32\x43\x4e\x6c\x8e\xea\xfe\x42\x82\x2c\x94\x09\xb2\xf8\xaa\x9c\x09\x32\xe7\x48\x05\x87\xb2\x59\x13\x82\xea\x14\x60\x9b\xb0\x2c\x67\xa0\x65\xf3\xf4\x6c\xf8\x66\xfb\x66\xfd\x66\xf1\x66\x3c\x3a\x9b\xd4\xf8\x89\xb2\x7c\x8e\x45\xdd\xe6\xe0\xe5\xe0\x25\x9b\xee\x9a\xd0\x10\xa8\x19\x9d\x1f\x97\x75\x50\x97\x9a\xea\xee\x01\x50\x0c\x08\x25\xda\xd3\xcf\x34\xa3\x93\x79\x02\xab\x76\x9a\xb3\x9b\x2e\xd6\x20\x18\xd3\x58\x24\x4e\x56\x6c\x84\xd9\x53\x47\xfd\xcb\x67\xb3\xfe\x4c\x94\xd0\x1a\x8f\x77\x36\x42\x22\xf6\xd4\x07\x0c\x62\x2b\xb2\xad\x77\x00\x55\x6a\xd7\xbb\x81\xac\x52\xb1\x83\x86\xc9\x15\xbb\xa4\xe2\x1f\x18\x96\x1c\x9a\x5a\x2e\xe9\xfe\x4a\xe7\x7a\x4e\xf5\xc8\xdb\xc8\x10\xd9\x29\xbb\xa9\x5c\xf5\x61\xaf\xa2\x11\xbc\x86\xd2\xdf\xfb\x90\x50\x02\xbf\x2d\x44\x12\x02\x80\x08\x4d\xf3\x3e\x66\x8e\xd8\x13\xba\x46\x36\xe1\x8e\xf8\x3f\x3b\x73\x5e\xfb\xfe\x9f\x9e\xbc\x03\x73\x27\x97\x6d\x33\xf8\x2c\x3d\x8f\xa1\x86\x35\x35\xd9\x27\x4a\xcf\x28\xc3\xb6\xc9\x9c\xc2\x4d\xfa\x8f\x4d\xab\x48\xe9\xf5\x69\xf5\x9c\x9e\xf4\x64\xf5\x0f\xf9\xda\xe6\x3e\x38\x0d\x91\xfd\x5c\xb4\x92\x6e\x23\xc5\x3e\xe4\x4e\x78\x4f\xb3\x20\xa1\x99\xc1\x77\xd8\x36\x93\xeb\xb5\x32\x98\xdc\xa2\x36\xb9\x60\xa0\xf2\x78\x9f\x84\xb6\x4c\xbf\x7d\x66\xc1\x8a\x95\x42\xd7\xcf\x82\x41\xb0\x00\x74\xda\x23\xb8\x79\x63\x76\x2a\x1c\x21\xf2\x79\xe2\xcc\xab\xa0\x33\x79\x9c\x54\xae\xbb\xb9\x98\x6c\x3b\x88\x51\xf8\x31\xd0\xef\x08\x00\x6a\xd8\x5e\x24\xd2\xdc\x58\x3d\xf0\x6f\xbf\xd9\x07\xbf\xfd\x16\xd5\xd7\x6d\xed\x3a\x0d\x2f\xe9\xd4\x12\x16\x30\x8a\x12\x5f\xb7\x1c\xd6\x19\xf3\x5a\x67\x10\x2d\xdd\x9f\x76\x3c\xc5\x14\x8b\x2c\xe3\x45\xd6\x04\xcc\x32\x06\x3e\x0f\xb6\x0e\x36\x1c\xdf\x6d\x86\xde\x36\xb7\x1f\xde\x0f\x76\xbd\xe7\xbc\xce\x4d\x36\xfb\xbe\x4d\x60\xaf\x0f\x8f\x9c\x0e\x8f\x37\xeb\xfa\xa1\x41\x5c\xf2\x21\x5a\x64\x21\xd0\x39\x48\xaa\x0e\x5f\x65\x21\xec\x6b\x8b\xaf\x4d\x81\xaa\x97\x4c\xd5\x6f\xe0\xf1\xb1\xbf\x40\x39\x08\x17\xa4\x59\xb2\xd0\xaa\x00\x38\xda\x8a\x5d\x24\x70\x47\x4d\x7b\x0f\xdd\xef\xe2\x81\xf3\x43\xd0\x91\x95\x62\x8e\xac\xda\x00\x1b\x0d\x96\x1a\xbd\x46\x73\x14\xc1\x80\x08\xde\x8c\xbe\xe8\xb9\x40\xeb\xfc\x9c\xf5\xdb\xed\x38\xbf\x23\x76\xa4\xd5\xdc\x5a\xee\x71\x6b\xb9\x5b\x9e\x95\x8a\x58\x2a\xe1\x58\x26\xae\x4b\x84\x14\x4b\x51\x1d\x58\x9a\xdf\x98\xaa\xa5\x25\xd5\x83\xcd\x98\x34\x9b\x01\x13\x03\x2f\x6a\xd7\x88\x18\xe6\xfe\x82\x98\x43\x51\xa8\xb4\xc6\x71\x98\xc5\x96\xe7\x70\x16\x4e\x4c\x06\x61\x1a\xb7\xc2\xc4\xbd\x78\x4b\xc9\xc6\x1c\xb2\xc9\xed\x00\x17\x17\x4a\xd5\xa6\x31\xbe\xa3\xf3\x31\x3b\x22\x6b\x92\xac\x01\x35\x33\x4e\x63\x2d\xfc\x5c\xb3\xe6\x00\xc6\x34\x35\x50\xeb\x92\xbe\x25\xe4\x01\x11\xaf\xc2\x37\x4e\xb5\x8f\x51\xa6\xd1\xa4\xce\x9f\x55\xb0\x41\x0d\xd0\x80\x84\xb3\x69\x8e\x69\x61\x5d\x24\x46\x6b\x8f\x83\xf6\x59\x35\x98\x26\x74\x1b\x38\x1d\xfe\xf9\x56\xe2\x70\x3b\xee\x1c\x3b\x2d\xd4\xc9\xc9\x4c\xdc\xa6\x3a\x81\x02\x6a\xe0\xf4\x4f\x56\x75\x50\x03\x3c\x37\xcf\x23\xc4\xad\x05\xa8\x85\xe6\x49\x20\x26\xfb\x25\x10\xc0\x29\x70\xf3\x91\x81\x59\x05\xa0\x92\xde\x49\x6a\xec\x22\xda\x75\x12\xcb\xdc\x1e\x65\x93\x46\xc0\x54\xa0\x5c\x70\x23\x2a\x48\x62\x26\x73\x74\xee\x43\x49\x69\x92\x3f\x39\x3d\x8d\xe1\x6f\x39\x19\xa9\x4e\xe9\x78\x7a\x07\x8d\x5b\xea\x05\x37\x66\x82\xc5\xd6\x2f\xe4\x37\xf7\xf0\x93\x6a\x93\x96\x9e\x5e\x00\x7f\x69\x1f\xf0\xee\x5a\x1f\xe7\x14\x85\x35\x9e\x3a\xd8\xb4\xa3\xa6\xe8\xef\x21\x24\xba\x88\x9f\x81\xc5\xe1\xf6\xda\xcb\x5e\x5f\x32\x84\x4c\x63\x6d\xc2\x07\xa7\x9a\x64\x41\x26\xfc\x22\xc3\xde\x1c\x24\x3d\x0d\x9c\x7b\xbd\x0d\x06\xc8\x45\x9e\x18\x8d\x62\xec\x3a\x1c\x21\xab\xcf\x11\x27\xf5\x39\xd2\x99\x7e\x8e\x4c\x8a\x9f\x23\x64\x8d\x3b\x5a\x57\x9b\xd9\xef\xd5\x91\xb8\xb2\x1f\x49\x2a\xb9\x23\x4e\x51\x77\x54\xe6\x73\xf9\xc1\xa9\x96\x90\x30\x47\x7e\xdd\xae\xe4\x2f\x8e\xe2\x23\x9b\x9d\xe9\xc8\x24\x64\x3a\x72\xc9\x9b\x8e\x5c\xc2\x26\xe4\x0a\x5d\x4c\xe8\x43\x92\xcb\x61\x73\x9b\x5f\xcf\xb6\xc8\x19\xca\xf5\xd2\xdf\x15\xbc\x2e\xf0\x83\xaa\xaf\xd6\xeb\x25\x2d\x22\x49\xdd\x4a\x07\xc8\x6d\x98\x81\xb3\x69\xd6\x08\xb5\x1f\x4e\x3d\xd3\xd0\x22\x9c\x0b\x97\xc4\x4a\x6e\x8d\xb1\x58\x98\x84\x67\x3a\x45\x47\x1e\x37\xb0\x7d\xa7\xe8\xe0\x03\x69\x44\x5c\x8f\x31\xe9\xae\xd3\x30\x31\x02\xcd\x11\x72\xef\x21\x0d\x92\x69\x4f\xa6\x53\xdc\x29\xe8\xc4\x6e\x17\x8d\x57\x6a\x2f\x20\xe1\x8d\x49\x8a\xe7\xf2\x19\x7e\x38\x21\x8d\xb5\xec\xd0\x37\x0e\xbc\x65\xdf\xb9\x68\x11\x28\x06\xde\xe7\xa3\xc7\x00\xc5\xb7\x37\xa8\x6a\xe0\xe4\x3f\x8e\xd0\x05\xcd\x3f\x14\xb9\x31\x01\xa9\x12\xac\xc4\xe0\x8c\x38\x09\x8e\x2a\xfd\xdb\xab\xef\xfe\xd1\xb6\xd2\x71\x5f\x4a\x74\x70\xc8\xb2\x19\x85\x2f\x7f\x7e\xf9\xa2\x69\x39\x57\x05\xa3\xcb\x67\x4e\xce\x71\x16\xf2\xd8\xdb\x3b\x8c\xe7\x59\x70\xc4\xc2\x97\xdf\xbd\xfc\x1e\xf5\xad\xe9\xf0\x2e\xa4\xea\xaf\xd7\xcb\xeb\x57\xfc\x3a\x7a\x85\x45\x77\xf6\xee\x7a\x4e\xdf\x16\xb0\x4e\x1a\x45\x93\x95\xc6\x64\xb2\x41\xb6\x86\xfc\x40\xd6\x0b\xae\x72\xcd\x6b\xd8\xfa\x3d\xb3\x99\x99\x6f\x75\xa2\x6f\x17\xb4\x4f\xa9\x32\xea\x50\x02\x76\x0f\xca\x46\x1e\xac\x8a\x46\xe8\x4f\xbd\xc7\x8f\xce\xd4\x98\x7e\x75\x86\x83\x93\x51\xfc\x5b\x3a\xfc\xf5\x64\xf4\xf8\x4c\x4d\x72\xa8\xdc\x7a\x8f\x07\x71\x32\x3c\x7a\xb3\x1d\x3d\xee\x0c\x7f\x85\x4c\x8f\xf0\x8a\xb3\xc9\xb5\x9a\xe6\xa2\x92\xcb\x72\xda\x83\xbb\x6c\xb5\xc2\x7f\xa7\x9b\xed\x72\x9d\x4d\xaa\x5d\xaf\x7b\xca\x8b\x79\x03\x7f\xc0\x31\x11\xdc\x1d\x6d\xb7\xdd\xdd\xac\x44\xc2\xa0\x84\xbe\x38\xd3\xaf\xff\xf5\xab\xd7\xbb\x6f\xbe\xfa\xfc\x4b\x84\x78\x5c\xe2\xde\x9b\xb3\x37\x67\x67\xea\x8a\x1f\x0f\xdf\xdc\x51\x45\xa3\x6e\x12\x23\x6b\xcb\x19\xa7\x7f\xa1\x56\x9c\x0d\xfe\x34\x7a\xfc\xff\xdb\xc5\x1d\xf9\x9d\x50\x93\xe8\x41\xd2\x79\x53\x76\xe3\x1d\xfd\xff\x4c\xcd\x73\x38\xc0\x5f\xf3\xbf\x0b\xe2\x72\x1f\x9f\x45\xc6\x0f\x1f\x89\x15\xd4\x12\x6a\x9a\xf9\xb2\x60\x27\x1a\xd6\x02\xa9\x55\x9e\x5e\xe5\xe2\x8f\xbc\xac\x69\x25\x45\x54\xb0\x5e\x99\x37\xb9\xb7\x7c\x42\x23\xd6\x81\xec\x58\x70\x9b\xc0\x77\xfb\x26\x3e\x80\xd5\xe0\xe1\x47\x42\xb9\xa4\x2e\x1d\x17\xb1\x91\x1c\x8d\x4e\x3c\xea\xb2\xaf\x2c\xb1\xbe\x48\x7f\x55\x5a\xf8\x18\x4e\x1d\xa1\x44\x09\x9e\xb1\x97\x33\x82\x10\x8c\x3f\x55\x01\x20\x89\xda\x33\x3e\x64\x0b\xdf\xdf\x76\x9d\xd7\x7d\x63\x38\x86\x16\x92\xc7\x75\xee\xa3\x75\x4d\xe5\xf9\xcc\xc6\xc4\x22\xb4\x9c\x3d\x05\xf8\x38\xc8\x38\xf2\x7c\x18\x98\xd0\xf5\x2b\x97\xe9\x54\xfb\xd4\x1c\xf2\x38\xb9\xdc\xed\xc6\xbb\x5d\x35\xbc\x1c\x0d\xc6\x83\xe3\xce\x2c\xbd\x34\x01\xc4\x09\xa0\x05\xb3\x6d\x06\xde\x7c\x63\xbb\x76\x49\xa7\x3c\xfe\x81\x17\x68\xac\x66\x96\x67\xf0\x0b\xc3\xcf\x77\xb7\x3b\xae\xd8\xb7\x0d\x60\x56\x98\x15\xd7\xef\x4d\x5e\x67\x29\x16\xbd\xec\x32\x7b\xf7\xaa\xda\x6e\xa9\x6d\x9b\xde\x78\x9e\x6d\xb5\xcf\x27\xa7\xc4\xb7\xbe\xbd\x79\xec\x58\x69\x92\x86\x68\xd6\x3b\x15\xc2\x27\xb3\x04\xea\xc3\x92\xc6\x2f\x8e\xe1\x10\x87\x87\x0e\x7d\xc7\x83\xeb\xa2\x41\x83\x17\xba\x9f\xe0\x65\x9b\x1f\x82\x03\xd4\x8a\xba\x0d\xc3\x39\xd8\xce\x69\xce\x86\xba\x44\xf3\x84\x4c\xfd\xf1\xac\x27\x43\xe3\x05\xe8\x97\x1a\x79\xf2\x7a\x76\xad\xa1\xac\x99\xac\xfc\x50\x6d\x56\xd4\xa9\xea\x9b\x2a\x2b\xe9\x54\x89\x34\x98\xe8\xe9\x6b\x49\x6c\x83\xf5\x58\xc6\xd6\xaf\x66\x0a\x86\x72\xca\xae\x35\xf8\x57\x54\xab\x40\x71\x9d\xd9\xd9\xa8\xe2\x7e\xbe\xae\xb2\x2b\x64\x77\x43\x5b\xe8\xad\x22\x1e\x73\xb3\xc4\x1b\xde\x56\x56\x88\xbd\x65\xa6\xb3\xf6\x50\xdf\xe8\xf0\xdb\x22\x3b\x3f\x8b\x92\x5d\x3c\x18\x41\x97\x52\xe9\x1a\x27\x8c\x54\x58\xd1\xbc\x71\x0c\x94\x99\xe8\xf1\xa0\x33\x3e\x96\x8e\x23\x85\xbc\x69\x08\x92\x12\x0c\xc7\x2e\xf8\xdc\x0e\xef\x6d\x7d\x91\x7b\x38\xbe\xc8\x40\xee\x0f\xad\xde\x5d\x3c\x0e\x57\xc3\x8b\x51\xec\x12\xdc\x79\x0d\x8e\x2f\x87\x93\xba\x62\x34\xe8\xd0\x84\xa8\x48\x7a\x65\x26\x45\xcf\xd7\x18\x83\xc9\x19\x6f\x79\x06\xbe\x9e\x55\xf3\x72\x43\x2d\x06\xe5\x18\xb6\xdc\x1f\x21\xdb\x22\x72\x7c\x70\x46\x55\x34\xf1\x6b\x76\x8e\x63\xcd\xbd\x7f\x83\x13\x24\x9a\x2e\xc4\xec\xfa\xad\xbc\xcf\x73\x42\x0e\x5e\x2b\x63\x4c\x8c\xcd\xb5\x41\xf7\x30\x8c\x22\x1b\x8c\x79\x72\x26\xe9\xe5\x70\xc6\x93\x31\x86\xaf\x31\xed\x1e\xfe\xa9\x8e\x27\xb1\x97\x9a\x07\x6b\x02\x3a\x7f\xc7\x39\x21\x6b\x86\x46\xf2\x70\x55\x20\x49\x86\xab\x85\xaf\x68\xe5\x4c\xd8\x39\x71\x30\xe1\xb4\x3e\x09\xfe\xe1\x5c\xfd\x9c\x40\x08\x65\x88\x8b\x35\x33\x8a\x5a\x63\x6f\x79\x4d\xb8\x64\x2c\x11\x72\xd9\x30\xda\x4e\xd7\xcb\xbb\x4d\x34\x8a\xf3\x74\x02\x44\x0c\xee\x18\xce\x63\xb9\xd6\x87\xec\xdc\xc2\x45\x6e\xb6\xe0\x49\x82\x63\x54\xf1\x9f\x64\x32\x98\x27\xd1\x3f\x96\x47\x32\x85\x38\xcb\x8e\xc6\x74\x74\x63\x51\x52\x57\xb6\x4b\x8c\x02\xf1\xfb\x61\x3d\x9b\x5b\x0e\xe3\x88\x14\x86\x3e\xc9\xf7\x1e\xe0\x4d\x46\x2b\xef\x2d\xc9\x65\x0a\x59\x41\x5e\x2e\xcb\xd9\x78\x46\x22\x16\x2d\xb6\x6a\x9b\xc1\xe1\x5c\xf9\xc4\x26\xb9\xbf\x5d\xcf\x93\x65\xae\xd8\x4a\x19\xd1\x41\x19\xa9\xd9\xe6\x05\x1d\x5a\xf3\x64\x9a\x6b\x0c\x68\xa4\x8b\x22\xba\xc7\x58\xc0\x00\x9a\x59\xad\x97\xf8\x38\x67\xd0\x00\x49\xd9\xbc\x5f\x14\xf8\xa1\x29\x86\xe4\x9f\x86\xdb\xd1\x4c\xce\xbe\xb3\x77\xa7\x77\x77\x77\xa7\x34\x8b\xd7\xa7\xf4\xb9\x6a\x51\x90\x84\x56\xf6\x39\xd3\x3e\xf0\x0b\x7e\x7c\xfd\xf5\xe9\x7f\x45\x4a\xd2\x67\x00\xb5\xe6\x71\x94\x2c\xa8\x49\x48\x3e\x21\x8c\x0b\x49\xde\x48\xe7\xc9\x60\xed\x72\x07\x3f\x23\xf5\x0e\xd7\xc1\x97\xae\xe7\xea\xc8\xf2\x3a\xea\x72\xc3\x38\x6d\x5e\x01\xdc\xd1\x25\x90\xe3\x4d\xa3\x35\xef\x4d\xdb\xe9\xeb\xa8\x13\x6f\x9f\xc9\xe7\xf8\x4b\x67\x52\x13\xbf\x7d\x06\xf5\xb5\xbf\x5d\xe4\x95\xc8\xdc\x24\x0e\x28\xd2\x6d\x37\xb7\x80\x2c\x68\x1a\x63\xee\x81\x25\x94\xef\xea\x8d\x8b\x7e\x73\xc3\xa2\x44\xd8\x36\x61\xda\x8e\xb8\xa7\x18\x5e\xb9\x44\x2d\xd0\xf0\x58\x7e\x53\xdf\x47\x7f\x13\xc7\x55\xd2\x51\xea\x8e\x11\x99\x65\x33\x43\xef\x00\x30\xb4\xb7\xeb\xe0\xf6\x80\xf9\x32\x1f\xd0\x49\xc5\x87\x55\x78\x3e\x41\xf4\x4b\xe8\x7e\x78\x17\xde\x13\x5c\xe3\xf7\xd6\xe3\x9a\x58\x98\x39\x51\x11\xdc\x7c\xbd\xce\x16\xd4\xed\xf5\x16\x37\xaf\xf5\xcd\xda\x67\x9b\x3e\xd5\x42\x6c\x7c\x4f\x50\xf8\xf8\xe8\x60\xde\x5a\x9e\x30\x22\xa5\xb6\x41\xb7\x2b\x1d\x7d\x31\x27\x42\xa4\xbb\xbc\xdb\x5d\xa9\x6b\x77\x49\x55\xcf\xbd\x4c\x0b\xf3\xde\x25\xe7\xc7\x02\x68\xc3\xdc\xe6\xe3\x56\xcb\x20\xf0\x45\xad\xe8\xf2\x79\x36\x9f\x03\x8a\x07\xfe\xc1\x8b\x82\x44\x45\x92\x18\xd7\x88\xbd\xbb\x01\xd1\xa3\xcd\x79\xbb\x79\x4e\xd5\x32\x9e\xfe\x1a\x24\x1e\xb9\xc5\xd4\x96\x98\xb1\xdb\x34\x2a\x90\x26\x1b\x0a\x0d\xf5\x36\xbd\x87\x99\xed\xfd\x2b\xde\xce\xe7\xaa\x71\x3a\xb6\xc4\xbf\x13\xed\x79\x02\xad\xa1\x1c\x65\x1c\x9e\x4b\x63\x61\x94\xcb\x93\xdc\xc6\xb9\x01\x8b\xa3\x91\x19\x80\xb8\x82\x27\xa3\x3d\x94\xd0\x59\xed\xc9\x3e\x10\xc7\x73\x51\xfb\xe4\x7b\xb4\xe9\xf3\xf9\x3c\x6c\xd6\xa6\x05\x55\x83\x1b\x35\xa8\x12\xf1\xf7\xda\xa0\x27\x34\x98\x9b\x6d\xa3\x23\x7e\x5e\xb3\x30\x33\x98\x91\xe7\xa0\xf0\x48\xa1\xe9\x4d\x25\x29\x41\xa6\x10\xc9\x9c\xea\xf4\xdc\x7b\x05\x91\x75\x3d\x2b\xab\x97\x9a\xb1\x68\xb5\x98\xb3\xa6\xc9\xb0\x1e\x69\x66\xde\x75\x93\xd3\x3e\xb6\x1c\xe0\xf5\xe4\xd9\x36\xb6\xf1\x69\x59\x7c\x03\x21\x7c\x78\xc3\x6e\x7d\xf4\x8f\x70\x15\x47\x6f\x4d\x48\x44\x36\x7c\xab\xe7\xbc\x96\x1a\x54\x91\xc0\xb2\x6e\xb5\xdb\xee\x76\xb7\x56\xbd\x03\x88\x05\x2e\x08\xe5\x11\x82\x9f\x4c\x3f\xf7\x68\xcf\xd2\x46\x18\xbd\x8d\x9d\xaf\xfc\x0a\xd6\x01\x45\x9f\x95\x03\x20\x7d\x2b\x61\x1c\x6f\x45\x0e\xa3\x4b\xc4\x6c\xe0\x1c\x5b\xcf\xd3\x0e\xcc\x51\xfc\x73\xb7\x5b\xe6\x31\x04\x4f\xab\xc5\xac\x58\x8b\x69\x2f\x2f\x73\xc5\x64\xbe\x1b\x9d\x9d\x31\x2c\x95\xe4\x09\xec\x5d\x57\xdb\xe9\xb2\x04\xff\x26\xaa\xc1\x2b\x7b\x47\x8a\x50\x49\xcb\xbf\x18\x6b\xa0\xbb\x25\x19\xe6\x0e\x8b\x20\x51\x34\xd2\x1a\x6d\xda\x98\xeb\x25\x1d\x29\xcb\x6b\x22\xf4\x8c\xb5\x6f\xe4\x24\x6e\x7f\x4d\x54\x52\x41\xf1\xf4\xb8\x73\x8c\x18\x5c\xe1\x03\xb8\x1b\x60\x19\x9f\xe8\xab\x27\x60\x72\xa6\x12\x3c\x1f\x4d\xb7\xdb\x55\x02\x76\x04\xa5\x07\xd1\x7f\x9d\x47\x49\xf4\xd9\x67\x9f\x12\xf7\xc9\x91\x9f\x79\xbd\x18\xd7\x16\x94\xe3\xaf\xa3\x83\x27\x27\x57\x3d\xef\x24\x74\x96\x2b\x2b\x5c\x98\x72\x7a\x44\x52\xa6\xce\x99\x19\x20\x0c\x32\x34\x77\x58\x20\x70\xad\x54\x6b\xd0\x4b\x75\x45\xec\xe2\xdb\x58\xc9\x4e\x37\x88\x39\xfd\x99\x49\x46\x85\xaf\xca\x49\x8c\x7c\x58\xe7\x1c\xa8\x2b\x27\x7e\xb7\xcb\x9c\x7e\x90\x99\x35\x62\x8a\x08\x8f\x4f\x37\xa9\xf2\x27\x44\x06\xa5\x67\xb0\xe1\xe8\x64\x2c\xc7\x33\x7d\xf2\x4b\x51\xb8\x9a\xf1\x2c\x04\xa5\x78\x97\xe9\xfe\xe9\xe7\xdd\xb4\x53\xe6\x86\x4f\x1f\x44\x27\x34\x66\x83\x28\xee\xea\xee\x6a\xa7\x15\xb9\xe2\x29\x44\x06\x2a\x93\x0e\x57\x56\xec\xd8\xbd\xee\x6c\x94\x63\x5a\xaa\x8f\x2e\x7e\x4b\xa3\x6e\x01\x37\xdb\xa4\xec\xb6\x7e\x26\xb2\x25\x50\xf9\x6c\x6c\x58\x1f\xce\x63\xe2\xf3\x42\x24\x93\x9e\x9c\xbc\xed\xd5\x09\x55\x27\xfa\x76\x7c\x6a\xca\x9c\xbe\x9a\x11\xa9\x8e\x54\xe3\x4d\xd6\x42\x12\x23\xf5\x50\x25\xff\xa0\x1d\x09\xb0\x8a\x62\x1a\xb9\xd2\xd4\xaa\x8e\x5b\x38\x6e\x1c\x71\xe5\x31\x4e\xc7\x92\x4c\x38\xf7\xef\xc5\xed\x5f\x0a\xc4\x27\x15\xd4\x12\xab\xb6\x17\x3e\x67\x06\x2b\xf2\xf7\x2c\xcb\x31\x57\x3a\x73\xd9\x66\x18\x3e\x19\x0d\x0e\x3e\xe9\x6a\x0e\x3e\xbc\x3d\x88\x14\x71\xab\x8b\xbc\x1b\xf5\x8f\x6e\xd2\xf3\xde\xf9\x45\x04\x1b\x75\xe2\xaa\xe1\x70\x2f\x96\x68\x2f\x41\x61\x69\x20\xe4\x58\x89\x5b\xda\x7b\xa9\xec\x63\x44\x5e\xb2\x58\xd4\x93\xe4\x10\xaf\x88\xd3\x15\x28\x50\x7b\x29\x76\xb3\xb9\x7a\xab\xae\x62\x9d\x91\x59\xf6\x90\xdd\x44\x9a\xd6\xc6\x7d\x3a\x89\xf9\x67\x64\x1b\x72\xaf\xc9\x69\x72\xa1\x99\xf2\x0b\x65\xe3\xb7\x2e\xf6\xf1\x5b\xfa\x3e\x89\x64\xba\x11\x45\xba\x06\x13\xa3\x77\x2a\x51\xf6\x9e\x3b\xca\x81\xa4\x71\x72\x72\x5d\xdb\x80\x9c\xe4\x62\x48\x2d\x1b\x61\x69\x32\xbf\x8c\x51\xdf\x8a\x83\x31\x72\x2a\x92\xe8\xd2\x8e\x50\x61\x5a\x1d\xe9\xc2\xd0\x1d\xda\x37\x63\x49\xe9\xb3\xa5\xaf\xc2\xde\x42\xdc\xff\x5a\xbd\x33\xb2\xc7\x9d\xf0\x09\x7c\xa4\xc5\x2c\xae\x1c\xdd\xf5\xdf\x75\x4e\x2f\x14\xe0\x58\xf8\x20\xe3\x2b\xc8\x1e\x96\x3f\x8b\x3c\x4c\xaa\x77\x02\xd5\x6a\x95\x29\x6a\xad\x36\xea\x56\xdd\xa9\x77\x69\xde\x87\xa3\x17\xb8\xa8\x6d\xfa\x04\x71\xca\x81\xc3\xf4\x24\xb6\x79\xd2\x01\xdd\x0f\x33\xb1\x0a\x06\x29\x7b\x76\x3e\xf8\x2c\x81\xb3\x46\xf6\x2c\x7d\x72\x4e\xfd\xff\xf4\xfc\xfc\x19\x1d\x56\x9f\x9e\x7f\x06\xf5\x2c\x7b\x88\xdd\xa6\xdb\xbc\x73\x45\xf3\x09\x5c\xfe\xdb\xf4\x16\x17\xb7\x74\x79\x19\xab\xcb\x41\xa7\xb6\xc3\xef\xe8\xe4\x6b\xd1\x30\xbc\xa0\xcd\x6b\xf7\x34\xf2\x31\xb4\x11\x83\xf4\x8e\x1e\xb4\xbf\x8f\xbd\x6b\x5f\xd3\x1b\x99\x8a\x13\x79\x96\x86\x52\xd7\xa0\x57\x64\xec\x04\xa6\x95\x83\x77\x80\x60\x30\x40\xb2\x89\xee\x8f\xdc\xdd\x5e\x9b\x86\x24\x9d\x77\xe9\x2d\x73\x0e\x15\x31\x89\xb7\x42\x1f\x37\xf4\x83\x17\x1f\x0d\xcb\xf1\x06\x2a\xb4\x4d\xfa\x4e\xe1\x08\x3f\x7e\x07\xd3\x10\xd5\xa1\xe5\x46\x1a\x2a\x8e\xd4\x39\xc7\x61\x64\x38\x10\x1a\x35\xf3\x93\x81\xcc\xa1\xa6\x7f\x87\x33\x9f\x46\x6b\x19\x44\xc8\xce\xd5\x90\x96\x89\x7a\x3b\x8a\x93\xa5\x1f\x23\x3b\xc7\x12\x7d\xa7\x36\x23\x57\x29\xb8\xa5\xce\x0d\x98\x5b\x3d\x9d\xc1\xe2\xbe\x1c\xc8\xf2\xd6\xb2\x68\xc2\x57\x5f\x49\x1b\xb1\xda\xe9\xcb\xeb\x04\xd5\xad\x18\x18\xc3\xfb\xc8\x88\xb3\x39\x76\x6a\xfb\xe4\xb9\xde\x72\x76\xaf\x9c\x9e\x9a\xc3\x0d\x16\xdf\xd6\xa3\x6d\xb9\xf2\xd3\xcf\xbc\x65\xae\x15\x52\xd1\x21\xf5\xff\xc2\xf8\xff\xa9\x42\x45\x2c\x4b\xc5\xfc\xce\x2b\x16\x04\x0f\x99\xc5\xe4\x1d\x3d\x06\xb9\x4b\xf2\x13\x98\xe1\x60\x6a\x56\xd1\x6a\xb9\xd9\x36\x81\x21\xeb\xc6\x9c\x30\x80\x27\x54\xc2\xb2\xc5\x1e\x01\x95\x08\xac\xb2\x3b\x29\xd6\x62\x58\x87\x65\xb9\x4c\x04\xf6\x5c\x19\xf2\x9b\x54\xa2\x0a\x28\x94\x21\x65\xa5\xf1\x04\x35\x69\x7d\x5a\x4d\x70\xcd\x3a\x45\x09\x60\xeb\x35\x7d\x35\x62\xfe\x85\x55\x04\x10\xe9\xd0\x5a\x10\xc8\x93\x71\x2d\xe2\xf2\x6e\x9d\xad\x90\xa6\xe7\x30\x8e\x57\xcd\x55\xe7\x61\x8f\x2c\x5d\x5d\xe8\x8d\x05\x67\x01\xc9\xac\xc1\xe7\x18\xdb\x78\x0f\xa4\x8d\x8a\x91\xa2\xea\x3c\xf6\x52\xf8\x98\x62\xa1\xc7\x64\x90\xfa\x4f\x17\x41\xc2\x98\x5a\x4a\x39\x89\x00\xe1\x58\x75\x11\xc0\x32\x49\x45\xa5\x2d\x27\x92\x1e\x11\x51\xcd\x8d\xbb\x0e\xa3\xd8\xe6\x46\xe3\x1e\xc6\x3a\xe7\x98\x42\x4f\xbf\x5d\x2c\xaa\x0f\x84\x32\x1c\xf4\x74\xaa\x0d\x1a\x57\xd5\x18\xb6\x46\x1e\x05\xeb\xbd\x04\xe7\x08\xa3\x0c\xe9\xb8\x70\xa5\x41\xe1\xa6\x20\x4e\x72\x2f\xad\x9b\x6e\x72\xab\x7b\x43\xd0\xc4\xfe\x83\x99\xc4\xea\x13\x9d\x87\xae\x30\x71\x22\x9f\xba\x5d\x84\x1f\x0b\x47\x46\xe6\xb2\x25\xc3\xa8\xe7\x26\x20\xae\x4c\x92\x8b\x1d\xd9\x87\x8c\xc7\x9f\x4d\x26\xa5\xdd\xaa\x5c\xf6\xdc\xbd\x0e\xfc\x35\x4e\x1e\xab\xb5\x0e\x15\xde\x18\xc4\x94\x56\x47\x61\x0f\xbe\xf5\x69\x7a\x0e\x3d\xaa\x0f\xaa\x4e\xb7\xf6\xf5\xda\x38\x8d\xc0\xbc\x6a\xa9\xee\xb8\xf5\xbb\x18\x7e\x56\x86\xbc\xcd\xd3\xb3\xff\x78\x72\x7e\x36\x51\x77\x30\x48\x0e\xdf\x8c\x1e\x9d\xa9\x77\xec\xe6\x34\x78\xb3\xa0\xdb\xef\xb5\x25\x4c\x4c\xd4\xda\x99\x7d\x37\xbb\x86\x19\x8d\xce\x86\x6a\xcb\xf6\x33\x78\xb7\xab\xdf\xf3\x87\xdc\xe0\xaf\xaa\xf7\x93\x6a\x11\x9f\xcd\x1c\x9f\xf0\x79\x5d\xc7\xdd\x00\x0f\xd5\x24\x32\x88\xc6\x22\xf2\x87\x0c\x43\xb9\xc1\x36\x1d\xd0\x62\x02\x88\x2c\x6a\xeb\x46\xc3\xa8\xdb\x69\x28\x84\x90\xa8\x3f\x02\xa7\x3f\x8a\x54\x25\x06\x5f\x2f\x7b\x33\x9d\xc5\xfa\x85\x63\x9b\xf9\x99\xbe\x5d\x32\x05\xae\xc5\xec\xe6\xb1\xfd\x4c\xc5\xd5\xe5\xc3\x6a\x24\x35\x6a\x21\x2d\x6d\xf5\xff\x90\xbc\x61\x35\x28\x81\xb4\x16\xa8\x3f\xc8\x3b\xc6\x3d\x28\x87\x7b\x10\x11\xe9\xa1\x71\x9d\x19\xa5\xa2\xfd\xfc\xf1\x87\x6f\x71\xda\x11\x2d\x42\xa6\x3b\xea\x12\xc9\x2e\x2d\x4f\xf2\x78\x1f\xa4\x94\xcc\xb5\xe7\xbc\xaf\x79\x83\xd4\x17\xd8\x8f\x7c\xa9\xd2\x83\xa4\xc9\xd8\x19\x5d\xf4\x5c\x1a\x5d\xe0\x7b\xa8\x55\x6d\x20\xba\x99\xa6\x00\x60\x58\xf6\x4b\x6f\x01\x7f\x48\xe7\xa7\x65\x07\xde\x83\xc7\xa1\x11\x2d\x14\xc3\xe0\x60\x72\x1d\x52\xc1\xe5\x72\xb6\xe8\x90\x94\xe6\x94\x0d\x6f\xe9\x04\xed\x46\xf5\x03\x83\xe8\xee\x2c\x9b\xcf\x7e\x6f\xcd\x0c\xa3\x25\x67\xc1\xb8\x34\x05\xa5\x5f\x08\x0a\x0a\x6f\x1d\xa2\x0e\xad\x34\x5c\x87\x5f\x09\x55\xa8\xb4\xe1\xdb\x39\x61\xc1\x1f\xd6\x39\xf9\x68\x5f\x53\x22\x08\x1a\x2b\xa0\xf5\x48\xe0\xb5\x17\x50\xbb\x05\xbb\x67\x1e\x1b\x62\x33\xdb\x74\xa2\xc4\x79\x37\x9d\x9c\xfc\xae\xb7\x41\xe0\x55\x87\x94\x7e\xef\x73\x97\x06\xd4\xd0\x25\x9d\x69\xfe\xd8\x64\xd0\xc7\x29\x18\xf6\xcd\x8f\x21\xf6\x3d\x08\x43\x08\xcd\x42\x34\x7d\x6e\x85\x14\x9c\xe3\x9f\x2a\x2a\x5a\x1c\x05\xef\xd1\x07\x22\xfc\xbc\x12\x78\x11\x24\x2e\xd1\xe8\x3b\x9a\x51\xd8\xed\x99\x23\x4a\x5a\x8a\x16\xed\x45\x25\x5b\x9e\xd0\xd5\x60\x0d\xbf\x9b\xae\xfd\x78\x4c\x48\x39\x1e\x28\xee\xcf\x2f\x5f\x7c\xb3\xdd\xae\xb4\xb8\xa8\xe5\x9d\x0c\xd9\x47\x99\x1a\x7e\x81\xb0\xdd\xe7\x6c\x97\xff\x92\xfe\x3d\xe7\x40\xd3\x8b\x27\x4f\x3e\xa5\x1f\x9f\xed\xd5\x57\xf5\x1d\x84\xaf\x75\x10\x6f\x99\x6d\x91\x00\xee\x2b\xd1\xb3\x04\x97\xd0\xf6\x8a\x1f\x51\xe4\xef\x0e\x9b\x0f\x17\x5b\xe0\x79\x1e\x3f\xcf\x87\xd9\x88\x11\xb1\x20\x8e\xaf\x37\xe9\xf1\xf1\x57\xf0\x42\xbc\xa3\x63\xe5\xf9\xba\x22\x92\xbd\xa5\x75\xba\x81\x47\xe2\x57\x39\x44\x41\x6a\x45\x4a\xed\x41\x31\x3d\x04\x56\x14\xeb\x1c\xe4\x9c\xa4\xee\xdd\x0e\x55\x1f\x67\xbe\x2a\x6c\x70\xbf\x09\x32\x47\xfb\x76\x47\x62\x46\xb8\x9f\xc0\x70\xec\x7e\x91\x4b\x4a\x30\xa4\x9b\xeb\x88\xdf\x9f\xca\x58\xc7\x93\x89\x7c\x8a\x2b\xda\x55\x3c\x85\x08\x36\xd9\x6c\xee\x96\x6b\x98\x8e\x51\x89\xd8\x3d\x9c\x59\x2e\xb8\x49\x94\x34\xf5\x6e\xd0\x65\xdf\x59\x82\x4f\x4e\xc6\xbd\xba\x12\xb7\xed\x5e\xc7\xbd\x82\x6f\x7a\x5d\x44\x6c\x75\xf4\xf3\xa9\x9e\xfb\xaa\x3c\xe5\xfc\x8f\x0c\xaa\xdf\x76\x3f\x8d\xc2\xc5\xa2\xd1\x65\xb4\x51\x78\xdc\xd4\x3a\xd0\xc1\xc2\x78\x0d\x79\xdb\xa1\xee\x4d\x3d\x48\xb1\x56\x69\x3d\x67\xb0\x6b\xa0\x10\x2c\x79\x89\xf0\x0f\xd1\xc7\xb2\x33\x93\xd6\x36\xb0\x24\x38\x36\x5a\x88\x44\x4b\x73\x7c\xb7\xe4\xec\x6c\x90\xb8\xd4\xd8\x13\xe2\xe2\xa4\xec\x7c\x99\x0f\xcd\x2d\x60\x83\xb7\x15\x6b\xfa\xab\x8e\x7b\xbe\xe9\x69\xa0\xf3\xb8\x07\x37\xf7\xda\x56\x4d\x35\xb5\x2a\xfa\x91\xae\x15\xe1\xf6\xa6\x4f\x39\xdc\x26\x6d\xbf\xf2\x8e\x6e\x3e\x8c\x32\xdc\x7f\xdc\x92\x7e\xea\x3c\xc3\xa2\x90\xc8\x02\x55\x97\x98\x8a\x05\xe6\xc2\xe8\x29\xa6\x3a\xfd\x86\xa8\x28\xa6\xfb\x86\xf2\x9c\xc7\x3a\x07\x99\xf0\xb1\xdd\x3d\x5b\x8f\x35\x1c\x8a\xa8\xa2\x2d\x84\xce\xbc\xa7\x8e\x02\x0b\xe0\x81\xfb\x55\x71\xdd\x7a\xff\xdd\xa9\x7b\x12\x18\x0a\xf5\xd7\xe0\x2f\x84\x3a\x77\x28\x16\xcb\xcd\xb3\x9a\x61\x8f\x2d\x74\xba\x8a\x36\xb6\x3e\xc8\xb4\x8a\xd8\xfe\xbd\xa3\x89\xd6\xa0\xd6\xb1\xa2\x58\x40\x19\x6c\xba\x69\x51\xa8\x72\xc4\xa7\xa8\x56\x25\x3c\x35\x54\xac\x9b\x18\x6e\x08\x79\xb1\xfd\x86\x23\x3a\xad\xdf\x60\xdf\x01\xaf\x1e\xe7\xa7\x66\xac\xd2\x01\xd5\x61\xd9\x16\x12\x45\xf4\x54\x6a\x7b\x46\x87\x3f\x9f\xb2\xf7\xce\x56\x2c\xb6\x5f\x84\x94\x72\x91\xe7\x72\xad\x36\xeb\x22\x61\x42\x44\x87\x03\x55\x15\xb1\xeb\xa6\xd6\x7b\x14\xc1\x96\xcc\x6d\xe2\x65\x40\x34\xb0\xdb\xe3\xc9\x49\xd5\xf1\xb6\x95\x68\x64\x3e\x3b\xff\x8c\x0f\x00\xb9\x14\xb4\x42\xa8\x15\x83\x30\x7c\x24\xcb\x8a\x5b\x56\x1e\x6c\x34\x58\x79\xc6\xf5\xef\xeb\x1c\x2c\xe0\x5f\xe1\xc9\x96\xc6\x6f\x06\x9d\x41\x7a\xb2\x7b\x14\xef\xde\x0c\xc4\x09\xd0\x5b\x94\xd0\x2d\xac\x92\xa8\xd0\xf6\x42\x31\xff\xae\x8c\xf9\xb0\x09\x72\xfe\x75\x2e\xb8\x0d\xac\xe9\x60\x8c\xbf\x65\x37\xfa\x4d\x34\xda\x3e\x2f\x01\x7b\x18\x8c\xee\xad\x0b\x04\xdf\x60\x0b\xf1\x2a\x0a\x90\x0f\xea\xe9\x3c\xf2\x1e\x17\x32\xa0\x2f\x7f\xd5\x5c\x46\x8e\x81\x8f\x07\x11\xfd\x0b\xf4\xcb\x1a\x51\xc9\xb5\xf6\xfa\xb8\x13\x68\xa7\x25\xe2\xc9\x86\x1a\x7d\xd0\xee\x0f\x7e\xc7\x7d\x90\x8d\x01\x74\x42\xe2\xaf\xe3\xba\xa0\x33\x94\x6e\x70\x4a\xf2\x40\xc7\x8c\x30\xa7\x5e\x30\x98\x35\x06\x3c\x7c\x88\xf0\xdf\xe0\x46\x07\xe2\x6b\x70\x47\x4d\x07\x39\x7c\xca\xf0\x8f\xe5\x53\xfe\xca\x56\x07\xe2\xca\x6d\x71\x33\x5a\x79\xcd\xd6\x61\x46\xcd\x18\x22\x74\x71\xe1\xe9\x39\xd9\xac\x73\xce\xd1\xdb\x4b\xac\xf8\xa3\xb4\xc9\xa8\x72\x02\x55\xf1\xa9\x84\x67\xd2\x5d\xb6\x39\x5a\x2c\xb7\x47\x58\x46\xac\xc1\x9c\xd0\x10\xec\x55\x38\x24\xa9\x28\xb2\x18\x68\xb2\x82\xa5\xb2\x0a\x6a\x9e\x38\x7f\xd7\x3d\xf2\x04\x36\xe0\x1b\xe5\x05\x96\x81\xb8\x7b\xe1\xe0\x16\xb5\xc1\xc2\x42\x85\x33\x1f\xbc\x7d\x26\x02\x54\x60\xc7\x1e\xb0\x97\xe3\xce\x84\x75\x26\x93\x74\xec\xc0\x95\xad\xc6\xcc\x27\xe1\xec\xab\xc0\xb9\x2c\xeb\xca\xba\x8f\x73\x7f\x6d\x8d\x1f\xd3\x9e\x90\xa0\x7d\xec\x2e\x30\x17\x7f\xc8\xf4\xad\x49\x9f\x4f\x02\x1c\xf0\xd8\x86\x23\x97\x9f\x6e\x98\xd7\xe0\x2f\x90\xa5\x2e\x1e\x25\x8c\xf7\x19\x66\x25\xa7\xed\xc7\xf2\x8d\x80\x12\x99\x14\xe3\x0b\x1a\x0d\x47\x8e\x4c\x4a\xf0\x21\x52\x5e\x79\x7a\x04\x2d\xac\x7f\xc3\x81\x1f\x8b\x1e\x48\x5b\xdf\xfe\x6a\x1b\x83\x36\x80\xac\x6f\x72\x33\x06\xdf\xe4\xed\xd8\x3e\x7d\x3f\x5e\x9b\x9f\xc1\x9d\xcf\x8b\x05\x74\xdb\xec\x59\xca\x11\x9d\xc6\x72\x9b\x69\x17\x34\x24\xeb\x61\x48\x3e\xbe\x3a\xe7\xe4\x3d\x75\x21\x57\x8f\xb3\x56\x4e\x26\x79\x0b\x28\x1e\x43\x5b\xa7\xd1\xf7\xdf\xbd\x7a\x8d\x95\x6b\xdd\xd5\x8d\xc4\x1a\xa8\x1d\x2b\x4f\xe5\x28\xce\x3d\xda\xb5\x29\xae\x61\xcb\x22\xc6\xc5\xad\x68\xaa\x96\x93\xcb\x97\x03\x1c\x37\xe5\xec\x2d\xce\x1a\xad\x9c\xf2\x56\x18\xa4\x24\x0e\xb6\x41\x5c\x23\x34\x49\xd6\xa2\xde\xa1\xb5\x10\x0a\x4e\x13\x11\x83\x49\x08\xda\xed\x3c\xdf\x38\xe6\xb4\x72\x95\x01\xa4\x56\xbb\x14\x58\xd5\xaf\x33\xb3\x2a\xa7\x97\x56\x35\xa5\xb6\xaf\x1e\x0f\x14\xe7\xca\x59\x89\x9a\x19\x85\xea\x81\x00\x6d\xce\xef\x6d\x9a\x29\x8d\x7a\x54\xb6\x6b\x7d\x27\x44\xe6\x3a\x16\x92\xcb\xd7\x1d\x5a\xa4\x1d\x10\x5e\xc1\x73\xd5\x13\x27\xab\xf7\x5b\xf6\xff\xb3\x79\xa9\xc3\xcc\xc4\x4e\x29\xf4\xb7\x3c\xf8\xde\x6c\xf3\x13\x0d\xfe\xf2\x0e\x8a\x9e\x2c\xf9\x4b\x5a\x4f\x2a\xe6\xe5\xb7\xde\x2f\xb4\x9e\x8c\x03\x55\xbe\xe3\x9f\x0f\x41\x12\x78\xfe\x3f\x26\x97\xa2\xce\xd0\x19\xc1\x03\x88\x23\xf1\x00\x55\xde\x8f\xc0\x31\xcf\x0a\x0d\x74\x6d\x32\x53\xf5\x4c\xe9\x34\x5a\x57\xf3\x0c\xc6\x06\x38\x15\xa6\x73\xdd\x8a\x8e\x00\xf4\xe9\xaa\xd9\xde\xa0\x66\xee\x06\xb2\x12\x47\xc8\xd1\xdf\x71\xe9\x40\xf1\x01\x60\x11\xcd\xde\x11\xc9\xc6\x05\x27\xe2\xeb\xce\xfc\x53\x12\x69\x26\xe2\x67\xa7\x17\xb0\x65\x21\xc5\xb3\x69\x05\xcb\x67\x25\x27\xe7\x05\x5e\x0a\xaa\x47\xa6\x48\x3f\x69\xd5\x18\xc9\x0c\xc3\xfc\x86\x33\xdc\x6a\xec\x51\x56\x16\xe5\x06\x54\xb4\x90\x6d\x2c\x41\x65\x3d\x46\x53\x83\x01\x66\xb9\x92\xab\xd3\x29\xfe\xed\x4e\x5c\x11\x7c\x9b\xcb\xe0\x87\xbe\xa6\x52\xf8\x83\x73\x2d\x42\xe0\xcd\x84\x83\xeb\xe8\x88\xe5\x0b\xf3\xa9\x6b\x20\x46\x63\x80\xae\x25\xf1\x83\xa7\xe5\x59\xd6\xe7\x33\x7e\x28\xa6\xd2\x31\xb7\x5e\x16\xfe\xa6\x8d\x40\x4f\x55\xcf\xae\x17\x83\x1e\x97\xc7\x26\xe4\x93\xa3\xe1\xb4\x3e\x1f\x20\xfe\x9c\x53\x5a\x71\x4e\xe9\x73\xb8\x9d\x97\x0c\x33\xe9\x5b\x0c\x58\x40\x76\x51\x88\xe3\x46\x16\x6e\x2f\xd1\x39\xc3\x8c\x74\x2c\xea\x26\x09\x54\x5f\x20\x53\x1b\x0d\xc9\xf3\xf9\x8c\xca\xfe\x40\x74\x91\xd8\x87\x1f\x25\xc8\xb3\xfd\x39\xfc\x5a\x8a\x94\xf6\xcd\x38\x56\xdc\xbc\x8a\x27\x04\xd1\x1c\x93\xea\x17\xe9\xd7\x29\x32\xd7\xe3\x85\xd7\xb4\x3e\xb8\xf1\x95\xcc\x87\x94\xfa\xb9\x56\x0a\x59\x3c\xf6\xc8\x61\xa6\x56\x2d\x09\x9a\xa9\x7f\xc6\xc0\x61\xe0\xce\x54\x61\xc7\xa8\xac\x8d\x91\xf1\xa0\xb7\xab\x5a\xa7\x91\xf0\xb7\xdb\x20\x97\x18\xbe\xb6\xce\x25\x1d\xad\x1c\x93\xb9\xfa\x5e\x6b\xea\xe9\x08\xf1\xee\xf2\xe1\xe9\x70\x6f\xd0\x0e\x39\x0c\x62\x76\x70\xcf\x6c\x31\x60\x80\x62\x74\xcc\x46\xe4\x92\x92\xd3\x8b\x86\xc6\xa6\x43\x45\x31\x1e\x9f\x96\x72\x18\x1c\x57\x50\x8f\xb9\x6c\x05\xae\xfb\xd4\x76\x50\xb2\x38\xbc\x06\x49\x47\x95\x3c\x20\x7a\x3b\x48\xf5\xf5\xa2\xa8\x9a\xcb\x22\xe9\x8a\xdf\xdf\x3f\xa4\x99\x6c\x8c\xd6\x6e\xf7\x6d\x6e\xcc\x4d\xac\xc1\xf5\x11\x82\x64\x98\xd8\x0b\xc9\x50\xb9\x16\x82\xc8\x36\x29\xbf\x4e\xab\xe7\x44\xe5\xfb\x10\xfa\xcf\x66\x82\x81\xdf\xb2\x5d\x5d\x91\xb2\x99\x63\xe4\xbe\x5e\x9b\x7e\x12\x35\x0f\x6c\x2d\x28\x82\xc0\xf5\x26\x9c\x61\x75\x30\x3b\x59\x2e\x49\xaa\x24\xad\x39\x6d\x0d\x97\x7a\xd0\x52\x86\xf1\x60\x32\x98\x0c\x8b\x51\x02\xf6\x95\xb9\xcb\x0e\xdd\xb0\xd9\x6d\x3a\x08\xa9\xf6\x5a\x9f\x8c\x55\x39\x18\x27\x99\xbf\xab\x62\x7e\x37\x1d\x23\xa8\x8d\x3e\x58\x27\x46\x92\x27\xbb\x06\xe2\x88\xe3\x9d\x69\xff\xc3\x39\x00\x39\xe9\x5d\x90\x22\x5d\xb5\xc6\xf4\x15\xe0\xa7\x24\xa3\xa1\xcb\x7d\x0b\x7d\x2c\x62\xef\xdc\xd9\x40\x55\x72\x5a\xda\xa4\x70\x8c\xb4\x37\x63\x3a\x7d\xa8\x4d\x53\x28\xc9\x7c\x35\x04\x7e\x13\x3a\x51\x5e\xb2\x49\xf1\x38\xb5\x7c\xd4\xcd\x8c\x8a\x23\x81\x8b\x60\x12\x2d\xe9\x48\xc3\x6d\xef\x7d\x96\x27\x79\x1a\x4b\x6f\x1a\x59\xec\x97\x44\xcd\xf5\x21\x04\x5b\xee\xe1\x17\x58\x7e\x96\xc1\x6e\x39\xaf\xad\xce\xc2\x28\xf0\xc1\x03\x93\x38\x25\x31\xc9\x79\xed\xbc\x37\x57\x88\x67\x77\x6a\xb2\x1b\xb0\xc6\x1c\xe4\x56\x86\x91\x90\x49\xea\xdc\x88\x79\x92\xdc\xf2\x24\x22\x65\xd6\x29\xbe\xc5\xa9\xcf\x7b\xb0\x1f\xb2\x34\x47\xab\x0c\xef\x23\xdb\x8b\x77\x65\x0a\xc8\x56\x33\x05\xc2\x2b\xf7\xf1\xd8\xcc\x26\x27\x26\x90\x6d\x8b\x8e\x4d\xe0\x8a\x2c\x19\x12\x04\x89\x60\xc2\x4b\x74\x3c\x28\xad\xf2\xce\x2e\x4e\x13\xde\x89\xc8\xd7\x16\xb9\xd2\xc3\x5c\xd0\x27\x72\xb6\x28\x5f\x55\xf3\xb1\xc8\x22\xb4\x06\xbe\x80\x70\x17\x99\x37\x3d\x10\xe9\x8a\xf8\x66\x62\xd2\xe4\x6f\x2f\xbb\x2e\xcd\xef\x4e\x24\xd6\x24\x80\xf0\xb6\x24\xa5\x5c\xe8\xb3\xf7\xef\xe0\x18\x2f\xff\x89\x92\xea\x05\x7e\x3f\x72\x13\xb5\x58\x3e\x5f\x2e\xc6\x24\x66\x78\x01\xc2\x1e\x13\xda\x7b\x04\x32\xc6\xcc\xda\xa3\xf4\x45\x2e\x58\xc0\xba\x2e\xfb\x44\x5f\xfe\x1d\xa8\x74\x7b\x65\x64\x8f\x54\x8e\x5b\xfb\x18\x35\x2c\x50\x22\xee\x03\x04\xef\xec\xec\x4f\x47\x82\x4e\xf6\x92\xa4\x05\x5a\xff\x3f\xfe\xf0\x22\x95\xee\xf4\xae\x67\x6c\x06\xf9\xdf\xff\xeb\xe9\x99\xd6\x5f\xd1\x4f\xfb\xeb\xec\xf1\x31\x55\xf0\xf8\xe8\x8b\xe5\x72\x4b\xf2\x59\xb6\x3a\x7a\xfb\x69\xef\xd3\xde\x9f\x8f\x3a\xec\x35\x7a\x76\x46\x07\x60\x6e\x9e\x41\xcc\x88\xb9\xf8\xf3\xe5\xea\xfd\x1a\xdb\xf2\xe8\xc9\xf9\xc5\xc5\x29\xfd\xf3\xe7\xa3\xd7\x77\x33\xa4\x83\x57\x47\xdf\x2e\x8a\x1e\x97\x7a\x41\x02\x17\xc9\x1a\xe5\x11\x02\x59\xd7\x34\x6b\xd5\xd1\xcb\x6f\x5f\x1f\xcd\xe5\x36\x8a\x9c\xfd\xef\xff\x05\xc9\x10\xcf\x31\x07\xa5\x9b\x28\xe9\xa8\xd6\xa3\xc2\x4c\xf2\x95\x84\x66\xda\x86\x7e\xb2\x39\xfa\x5b\xf6\x36\x13\x57\x97\xa3\x75\x75\x73\x3b\x23\xe1\x46\xbf\x47\x5b\xac\xeb\x73\x65\xc0\x6f\x3a\x82\xfc\x49\x12\x5d\xdf\x80\x4e\xd1\x4a\xd1\x63\xe4\x02\x70\xe0\x43\xa1\xaf\x7a\x11\x3b\xc8\x41\x99\xf6\xf4\xc9\xc9\x09\x7c\x67\x9f\xfe\x65\xb7\xbb\x48\x39\x19\xfd\xc9\xc9\x5f\xf0\x03\xde\xb9\xf0\xca\x7d\x7a\xf1\xef\x36\xf5\xc8\xc4\xc9\x5c\xf4\xfe\xd2\xbb\x38\x5a\xae\x8f\xa6\x34\xb0\xa0\x12\xfb\x8e\x1e\x04\x75\xb8\x2f\x56\x44\xc9\xed\x49\x6b\x09\x44\x0d\x04\xd3\x4e\x23\xab\xb9\xef\x25\x27\x3f\xeb\x4a\x85\x99\x8a\xee\x6a\x77\xbe\x82\xa3\xdf\xcb\xe5\xef\x7e\x99\xad\xfd\xcd\x6e\x80\xdf\xf9\xcf\x96\xc1\xab\x47\xcb\x5a\xd9\xed\xc1\x6a\xf6\x0e\x23\xdf\x26\xbc\xb1\xc1\x81\x26\x0d\x7a\x31\xd2\xec\xeb\x3d\xd4\xb3\x88\x0a\xdc\x3b\x2c\x14\x9e\xcc\xea\xfa\x76\x8e\x04\x11\x7e\x2b\x82\x8d\x28\x46\x44\xe4\xf1\x14\x67\x17\x9d\x40\x13\x76\x00\x1a\x9e\x4d\xad\xe7\xbe\xe2\x14\x89\x70\x64\xff\x07\xe4\x88\x88\x7d\x46\x32\xb8\x75\xe3\xa2\xb6\xde\xae\xa0\x79\xee\xb9\x0e\xc2\xdb\xc2\x41\x96\x7b\x7e\x91\x95\xf5\x90\x57\x59\xa0\xc0\x6a\xa9\x84\x0d\x16\x6d\x0f\x24\x45\x1d\xfb\x92\xe9\x54\x0f\xbd\x5a\x47\xd2\x7b\x04\xaa\xb3\x2a\xe2\x50\xf3\x6c\x70\xfa\xc3\xa5\xa6\x0c\x76\x9a\xb4\x91\x36\x3a\x43\xb6\x74\xc8\x11\xf7\x01\x73\x30\x8f\x2a\x1d\x55\xf2\xc2\x77\xf9\xa5\xfe\xb5\x3e\x00\xdf\x6c\x70\x17\xe0\x13\xf3\xc7\xd6\x7c\xfe\x30\xb4\xa0\x8e\xcf\xd0\xce\x40\x15\xf1\xf3\x50\xc3\x60\xae\x7b\x19\x35\x07\xd6\x9d\x0a\x60\x1c\xb5\xbb\x88\x62\xa5\x6d\x6c\x7d\x99\x9a\xca\x63\x24\xb0\xcb\x4d\xde\x31\x34\x5b\xbe\xf4\xc9\x10\x35\x9d\x96\xb3\xcd\xf5\x6c\xb3\x49\x23\xa9\x6e\xf4\x89\x0a\xd7\x21\x0d\x97\xd8\x03\x18\xbc\x21\x72\x58\x4d\xcb\x4d\x45\x4b\xa5\xec\xfd\xf7\x57\x3f\xbc\xfa\xf6\xbb\x7f\xa4\x11\xd3\xe2\x88\xf8\xfe\xd7\x3f\x7c\xfe\x8f\x57\xdf\xbe\xa6\x9b\xbf\x7d\xf9\xe3\x0f\x9f\xe3\x47\x7a\xf1\xe7\x73\x7a\xe2\xf2\x04\xf2\xfb\xc1\x87\xec\x48\x15\xd0\x9c\xf6\xca\x0a\x26\xe0\x8e\x5b\xaf\x11\xbf\x52\xf6\xdc\x78\x58\xbd\xdf\x5e\x16\x7b\x66\x61\xa0\x2a\x41\x76\x61\xdd\xf6\xa9\x4c\x36\xcc\x8f\x0c\x59\x69\x9e\x21\x2c\x1c\xf0\x0f\x88\x5f\x1c\x5b\xe5\xf3\x59\xef\x71\x67\x90\xfe\x69\xf8\xeb\x9b\xcd\xe8\xf1\xa3\xf8\x0c\xb1\x1a\xb2\x99\x26\x54\xff\x38\xee\x0b\xd6\xdf\x9a\x97\xf1\x97\xa2\x3b\xe9\x38\x15\x9b\xc4\xae\x4a\xef\x36\xa0\xcb\xba\xa9\x28\x61\x11\x21\x88\x4c\x68\xd3\x36\x97\xf3\x7a\x04\x9d\xf5\x6c\xa3\xab\xfd\x5e\x3e\x82\x00\x28\x54\x1b\xa0\x55\x11\xcb\x18\x1d\xda\x64\x13\x87\x72\x15\x01\xd2\x9b\xa4\xc3\xc9\x01\xb2\x51\xc4\xad\x84\xa8\xd3\x3a\x87\x71\x52\x74\x8c\x26\xb5\x92\x23\x89\x9b\xdd\x77\x3f\x53\xc4\xa4\x9a\x8b\xde\x73\x97\x0b\x37\x2d\xfd\x07\x6d\xbc\x87\xc7\x7a\xd8\xda\x2a\x4b\x72\x4a\xeb\x4c\x68\x97\xa2\x1d\x36\xde\x11\xa7\xd9\x6a\x86\xc5\xd9\x58\x63\xff\x03\xbb\xb4\xf4\x76\x69\xe9\xf6\xa3\xb8\x76\xf1\x92\x6a\x53\xc8\xe6\x7d\x4e\xd5\x51\x2f\xae\xf7\x6f\xa1\xb9\x6b\xec\x60\x9b\x17\x2d\x1f\x54\x1a\x33\xad\xc3\x7a\x5e\x46\xdc\x64\x47\x6e\xf8\x27\x99\x8d\xec\x71\xe4\xa5\x4e\x2b\xfc\x48\xbb\xd3\xa4\xd8\xbd\x61\xea\xe0\xcc\xcb\x63\x51\xf4\xbe\xfc\xea\xeb\xcf\x7f\x7c\xf1\xfa\x15\x62\xd3\xb9\x18\x42\x50\x33\x48\x25\x74\xf4\xec\xfb\x45\x63\x77\xbb\x57\xd2\xfb\xb9\x94\x7c\xcd\x11\x97\xfa\xa2\xd7\xeb\xc1\x54\xeb\xcd\x82\x69\x72\xcb\xe9\xe6\x70\x86\x0c\x36\x99\x69\x38\x8f\xec\x6c\x63\xd1\xb0\x07\xc0\xa6\x89\x8c\x7e\x7a\x6c\x86\x9d\xb6\x63\x37\x8d\x24\xc8\x53\x5c\x6b\xd8\xd4\x4e\xe7\x16\x47\x1a\x9a\xd1\xb6\xb7\xe8\x3b\x24\x6f\x42\x89\xe1\x9d\x6d\x9c\xbe\xf4\xdd\xfb\x00\xe6\x15\xa5\x74\x85\x44\x3b\x07\xfe\x08\xd2\x75\x32\x96\xdc\xf6\xde\x00\xf0\x6c\x75\xea\x43\x08\x9a\x67\x31\xe5\x68\xb3\x31\xe5\x01\x78\xaf\xc6\x39\xb1\x45\x8d\x8f\x91\x3f\xfc\xaa\x0c\xb6\x7c\x11\xfb\xa8\xc0\x05\x9c\xaf\x64\x11\x22\xed\xb6\x3f\xe0\xb2\x62\x1a\x90\xfa\x68\x4d\x1e\x8e\xb2\xa5\x53\xfa\x2c\xd0\x6f\x46\xb2\x34\x37\x74\x18\x08\x57\x69\x74\x83\x7e\x06\x55\x5b\x07\xeb\xf6\xcd\x3c\xf5\x2d\x92\x72\x21\x76\x67\x41\x44\x86\xd1\x42\x5f\x6b\x2f\x2a\x4e\x6b\x98\x89\xb1\x48\x57\xa1\x1d\xce\xa3\x10\x04\x32\x32\x77\x55\xf8\x59\x3b\xac\xb6\x40\x9c\x38\x1c\xa6\xfa\xf7\x19\x3e\xb1\xd6\x00\x9d\xfa\xc3\x55\xe9\xc8\xa6\xa9\xd2\xb6\x31\x2c\xe8\xe3\x18\xba\xcf\xab\xfa\x17\xd4\x87\xaa\x8f\x61\x38\x2f\xbc\x13\x8e\x41\x8d\x22\x9d\x2e\xae\xd6\x5f\x3e\xb4\xb2\xf5\x2c\x3b\x65\x6c\x23\xd4\x7f\xfc\xe1\x0f\x7c\x44\xc3\xf7\xda\x4e\xc7\x84\x57\xa6\xbe\xef\xfd\x36\x34\x5d\xae\x02\xa2\x5e\x04\x4f\x3e\x4c\xd5\x75\x85\xe5\x87\xc8\xba\xae\xd0\xd1\xf5\x60\x7d\xfe\x6a\x16\x28\x98\x15\xdf\x91\xd9\xd0\xe6\xc2\xf0\x77\xc4\x9d\xb8\x31\xc9\xb7\x0b\xad\xcc\x2c\xbd\xf3\x99\xef\xb2\xa9\x18\xec\x51\xa9\x5c\xfa\x0c\xaf\x1e\x50\xa2\x4f\x78\x85\x0f\x7d\x1c\x7e\xda\x1e\xe0\xa9\x0f\x17\x73\xb0\x60\x9f\x08\x8e\x5a\x8d\x6d\xd0\x9e\x16\x0c\xa1\xd5\xd2\xef\x23\xc0\x6d\xfd\xbb\xe3\x21\xac\x9b\x6d\x5a\xad\xc7\xe1\x4a\xe0\x06\x44\xea\xec\x57\xfe\xd1\x99\x2d\xe2\xc1\xa3\x33\x63\x62\x67\xdf\x8d\xff\x11\x6e\xf7\xc0\x39\x5a\x64\x6b\x86\xbc\x8a\x04\xd0\xb3\xfd\xb8\xd2\xf4\x5f\xb5\x9e\xb4\xd0\x6d\x35\xf9\xe0\x41\x9e\x8c\x7b\x9c\x2d\xa5\x76\x12\xdb\x0f\xb6\x9c\xc5\x75\xa0\x47\x39\x92\x81\x16\x3a\x19\x00\x5e\x8e\x0e\xe6\xb1\xcd\xd2\x81\x13\x7a\x95\xdd\x72\xb0\x6d\xf1\xbe\x98\x4b\x46\xda\xc6\x29\x5d\x1c\x3e\xa5\x1f\x11\x25\x84\x0f\x07\x3c\x18\xdb\xc8\xac\x6d\xeb\xa9\x2b\x18\xd5\x4e\x78\xcd\xa1\x73\x43\x4a\xf1\xcf\x11\xef\x5d\xea\x3a\x4e\x16\x77\xc7\xa6\x28\x71\xb7\x1e\x09\x55\xf0\xef\xcc\xb6\xd5\xf5\xc6\xbb\x61\x72\xd9\x5f\x55\xef\xf3\x65\xb6\x2e\x75\x72\x28\xdb\x52\x2c\x69\x8d\xc4\xd6\x0b\x46\xd7\x1c\xb4\x5c\x5c\x97\x50\x46\x6c\x61\x50\xb4\x48\x93\x64\xf3\x09\xee\x03\xfc\x5e\xa2\xe5\x62\xbb\xbc\x2d\xa6\x9c\x43\x85\xf3\x1b\x1c\xd0\x2c\xc6\x6d\xad\x71\x80\x6a\x0f\x34\x88\xbf\xa5\x9b\xe3\xde\x62\xe0\xb5\x07\xde\xe2\x69\xd6\x6f\xb5\xf3\x4b\x6d\xd2\x10\x12\xb1\xf8\x9c\x94\x99\x88\xe4\xcf\xd5\xa7\x8a\x1b\x92\xe8\x01\x91\x08\x0f\xe4\x10\xd1\xa3\x8d\x88\x9f\xe0\xb8\xd7\x03\x99\xd6\x0c\x7b\xc7\x67\x12\x46\x60\xe2\x07\xce\x66\x06\x22\x5d\x48\x02\xfd\x99\x08\x90\xf2\xfd\xe6\x6e\xc6\x6e\xbc\xbd\xbb\xe9\xac\xa0\x53\xbe\xc8\x68\x4b\x7f\xfa\x9f\xc2\xa2\x80\x66\x75\x34\x1c\x4b\x5f\x9e\xfc\x45\x9e\x2c\x00\x89\x69\x9e\x98\x64\x32\xb2\xe7\xf7\x59\x93\xd6\x85\xad\xe6\x71\x6b\xd3\x3c\xe6\x06\x96\x54\xaf\x5f\x7b\xfa\xba\x4d\x16\xe6\xbc\x09\x1e\x86\x5b\xc1\x7b\xe7\xd8\xab\xd3\x32\x5b\x66\xf9\xfb\x09\x78\x82\xd9\x45\x17\x35\x97\xd5\x5a\x6f\x6c\x94\x22\x7e\xd7\x68\x70\xbf\xa5\x2d\x23\xa8\x91\x87\xdc\x07\xf4\xae\xca\x5c\xe0\x0c\xbb\xab\xd0\x6f\xda\xe4\x78\x66\x19\x1e\x2e\x28\xf6\x6b\x84\x24\xfa\xbb\x34\x6e\xfd\xf0\xd7\xcb\xf5\x97\xb3\x75\xc5\x9f\x6d\x0b\xa6\x90\x2d\xe6\xb7\xb2\xc3\x49\x5e\x23\x4c\x59\xc4\x59\xba\x38\x47\xc9\x6e\x17\x2d\x84\xb3\x05\x97\x62\x98\x25\x69\x8e\x30\x84\xa7\x17\x8c\x1c\x65\x46\xd7\x8c\x0e\x96\xac\x83\xf9\x14\x71\xd1\x56\x3e\x38\xbd\x48\x2e\x88\xb0\x77\x8a\x6e\x15\xff\x47\xb3\xce\x7e\x73\x94\x10\x40\x36\x6e\x30\xb9\x2d\x79\xef\x24\x60\xa9\xa5\x7f\x01\x69\x6b\xa5\xab\xf8\x90\x65\x40\x5d\x0c\xc2\xb3\xb6\x4e\x03\xa7\x35\x33\xf9\x57\x7c\xd2\x3a\xa8\x93\x1e\x92\xb9\xf1\x28\xa4\x1f\xbe\x7b\x2d\xce\x12\x38\xc5\x24\x85\xb1\xb4\xd7\x0f\x10\xf7\x81\xaa\x93\x3d\x2b\x06\x32\x27\x89\x8c\xa7\xaa\x8d\x12\x22\x12\x82\x61\xe2\xca\x3e\x6a\x9b\x9d\xd7\x79\x45\x3d\x30\xbc\x05\x8e\x78\x3b\x5b\xf8\x41\x98\x02\x5a\xd5\x7b\x35\x6e\xf3\x43\x9a\x46\xe5\x48\x68\x87\x2d\xc1\xe1\xb6\xfc\xe0\x3e\x0f\xfb\x8a\x96\x1e\xb2\xbf\x98\x09\xaa\x4f\x1a\x4d\x10\x8f\x67\x7d\xd8\xa8\xb7\xff\x46\x55\x32\x48\x35\xf1\x17\x8f\x6a\x32\xba\x6c\x89\x0f\xaf\x43\x08\xba\x7a\xc7\xb7\xec\x6d\x0e\xe5\xd2\x8e\x66\x76\x60\x90\x5c\x61\x61\xe4\x51\xb1\x93\x26\xd1\x5a\x8c\x92\x33\xd1\x24\x73\xf8\x41\x8b\xac\xd0\xd2\x49\xa2\xbe\x7d\x81\xf3\x1b\x33\x48\x97\xd3\x5c\x71\xb7\xc2\x75\x7d\xcf\x5e\x3c\x55\xf9\x9a\xcf\x97\xe4\x52\x95\xa6\xa5\xc9\x54\xa0\xa5\xdb\x97\xc7\x55\xac\x8e\xaf\x5a\xd5\x5e\xd6\x53\xc2\xb5\xe7\x1c\x9e\x8f\xfe\x3e\x69\xf0\x4d\x56\x58\x6d\x3c\xf8\x28\x31\x93\xfb\x3b\xd7\x9c\x69\xf0\xba\x25\xd0\xf1\xb0\x49\x61\xc6\xf1\x28\xee\xd3\x39\x33\x6f\x11\x4c\x99\x03\xbc\x0e\xc7\xee\x0f\x0d\x9d\x4b\x36\xd4\xb2\xe9\x0e\xc9\x80\x3c\x43\x90\xbc\xc7\x3e\xac\xbd\x1a\x73\x80\xae\x0b\x90\x54\x1e\xea\xfd\x14\x81\x06\xfe\x55\xf5\x61\x73\xc3\x38\x18\xc6\x61\xae\xa6\x23\x1d\x78\x86\xfc\x16\x2d\xa3\xa1\x42\xdc\xfd\xa1\x79\x10\xbe\xa8\x66\xde\x1a\x54\xed\x08\x0d\xb3\xe6\x5a\xba\xa6\xdd\x77\xce\x61\xa3\x6d\x6a\xcd\x56\x66\x0c\xf1\xfe\xd5\x01\x95\xc3\xb8\xad\xfd\xb5\x0d\x52\x17\xb1\x6d\x4b\x62\xbb\x54\x35\x29\x37\x10\x43\x9e\xb8\x6d\x96\x40\x3f\xb8\x32\x22\xb7\xb9\x6e\x13\xba\xed\xb3\x0f\x8b\xdd\xb6\x5a\x2d\x78\xd7\x6d\x43\xce\xab\xcf\x53\xa1\x67\x9d\x56\x25\x3a\x0b\xd0\xa1\x0a\x9d\xf3\x04\xb7\xe9\xcf\xbb\x56\x7f\x5e\x23\x39\x4e\xc2\x33\x1e\x26\xbe\x98\x37\x36\xb2\x5d\xa5\x7f\xc0\x29\x30\x68\x0c\x2f\xed\x53\xf8\xf1\xf5\xe1\xe0\x30\x71\x47\x86\xe8\x93\x58\x96\x1f\xab\x09\xbd\x08\xdd\x7e\x8b\x64\x89\x73\x77\x2a\x1a\x9b\x3a\x9b\xda\x3f\xa8\x96\xb0\x43\xee\x04\xf1\x68\xe8\x1a\x84\xd8\xd8\x3f\xf6\x06\x75\x81\x5f\x52\x59\xe7\x8e\xbd\x26\x5c\xe4\x45\xb0\xc7\x32\xa3\xa0\x43\xa0\x56\xea\x86\x6f\xf4\x49\x33\xde\x3a\x30\x23\xf5\xf5\x58\x14\xaa\x30\x63\xf9\xef\x19\xae\x4c\x14\x6e\x7e\x60\x4d\x14\xf6\x89\x5d\x13\xc5\x83\x6b\xc2\xd2\x34\x24\x79\xf4\x4c\x3f\xff\xbe\x91\xac\x58\xce\xe7\xd9\x6a\x53\x35\xd4\x06\xa5\x53\x1b\x14\x0f\xab\x0d\xfa\xc7\x1c\x12\x27\xba\x91\x93\x93\x33\x24\x4c\xdd\x21\x39\xaa\x51\x86\xb0\x3b\xa9\x51\xb0\x62\xad\x85\x16\x39\xdb\x84\xc0\x28\x27\x8a\x84\x03\x66\x39\xab\x21\x28\x3f\x52\x43\xd0\xa6\xc7\xf7\x7b\x68\x0e\x44\x4d\x87\xd2\xac\xae\xdc\xb5\x8d\x1c\x0d\x31\x57\x69\xf4\xa7\x4f\xba\x79\x8f\x53\x7b\x7c\x12\x8d\xd4\xc1\xc2\xde\x94\xd7\xde\xf9\x44\x7f\xd3\x9d\x4a\xa1\x9a\xc1\x49\xf3\x10\x75\x34\x93\x2c\x17\x96\x57\x37\x5e\x89\x3a\x3d\x6e\x59\x7e\xbe\x9e\x65\x9f\x2f\xca\xe7\xba\x01\x9a\x0a\x87\x46\x82\xa0\xa7\x35\x11\xcd\x4c\xa2\xb4\x4c\x1b\x51\x3e\xde\x5e\xf9\x29\xdb\x2b\x9d\x84\x2e\x35\xb0\xf0\xed\x9b\x98\x4a\x3a\x95\x18\x05\xbb\xa9\x6e\x3f\x74\x2e\x8b\x4f\x98\x17\xe6\xac\xef\x58\xe7\xb1\xf0\x0b\x58\x83\x69\xe8\x3b\x7a\xdc\x1c\x6d\x23\x82\xb5\x7c\x0f\x96\x42\x13\x36\x66\x98\x4e\x19\x7c\xc3\x3b\xc8\x95\x2f\x80\xae\xb2\x05\x53\x49\x5f\x26\x5d\x90\x14\xa0\x97\x03\x16\x32\x13\xf5\xe3\x4e\x10\x8c\xd1\xc9\xd3\xaa\x75\x43\xb2\xd1\x34\x68\x70\x1c\x5b\x8f\x35\xcb\x16\x51\x4f\x7b\xc1\x7b\x87\x79\xc6\x31\xf1\x8c\xe3\x03\x3c\x63\xd8\xa4\x42\x28\x60\xa5\x4c\xbe\x64\x92\x7c\xda\x1a\x29\xee\x5c\xc6\xd4\xcb\x5f\xb5\x93\xdb\x89\xfb\x61\x33\x02\x6e\xc1\xb5\xd7\xe3\x16\xfc\x91\x82\x9a\xf0\x3c\xf6\x35\xf8\x12\x66\xc6\x2a\xfc\xf3\xda\x86\x6d\xaf\xbb\x8c\x3e\xf4\x7e\xb8\xf9\x84\x6d\x9f\x06\x91\xdc\x1f\xec\x01\x37\xb6\xd9\x07\x44\xec\x4a\x27\xa2\xa8\xf5\x63\xe7\x07\x58\x20\x9e\xd1\x45\x38\xa5\x7b\x01\xd8\x6f\xe1\x64\x8d\xfc\x11\x64\xf4\x66\xf8\x71\x0e\xb0\xbc\xae\xe6\x8c\x98\x67\x9d\xfd\xd4\xc4\xf0\x8b\xa7\x60\x31\x5a\x44\xef\x06\xdb\x6a\x74\x3b\x53\xa3\xe6\xfb\x03\xc6\x6f\xf4\x3f\xf8\x06\xf1\xd1\xc3\xd9\x88\x23\x14\x83\x0d\x3b\x0d\xe4\xbd\xc3\x1b\xf6\x23\xf6\xab\xdb\x1b\x53\x23\x6d\x7d\xc4\xde\x00\x7e\x74\xbb\x1b\x41\xa0\x00\x3a\xb8\xba\x87\x45\xbd\xa7\x05\x4c\xa6\x4e\x6e\x10\x67\xd7\x83\xf6\xb8\x60\x35\xb5\xae\x66\x5e\x50\x07\xd6\xf3\x45\x7d\x3f\x34\xd7\xe3\xe1\xcd\x70\xf1\xc0\x66\xa8\x1a\x9b\xe1\xe1\x55\xfc\x47\x76\x48\xe4\xb9\xa9\x08\x40\x4c\x7d\xd5\x3f\x20\xc2\x89\x26\xa1\x31\xe2\xe7\x87\x7c\xbd\xcc\x2a\xae\xfe\x8d\x55\x9c\x54\xde\xee\xaa\xaf\xdc\xa6\xe1\x18\xc5\x86\x0f\x2d\xd4\x81\x50\x55\x9d\x5b\x1e\xdc\x4c\x50\xa3\x3d\xd8\xdb\x44\x93\x4e\x0b\x73\xa0\x43\xc5\x0e\xb3\x2c\x7c\x5f\xf3\x0e\xd1\x27\xdd\x96\x2a\x84\x23\xd1\x80\x2a\x75\xd3\xbe\x97\xf3\x00\x9c\x67\xff\x61\x6e\x23\xef\x20\xdc\xd0\x18\xda\x0d\x16\x51\xd0\xc3\x43\xef\xb6\x2a\x5e\xb3\xda\xe8\x09\xf0\x45\x73\x1d\x23\x61\x70\x68\xa1\x73\x4b\x5f\x1d\x17\x07\x56\x7f\x11\xfa\xe6\x98\x57\xfa\xc1\x95\x15\x1f\xf5\x75\x9b\x93\x8e\x7d\xf6\x11\xa2\xa5\xa9\xf6\x83\xae\x3a\xb6\xd2\x03\x56\x4c\x7f\x96\x3d\x33\xa6\x37\x5d\x72\x22\x1c\x90\x4a\xcb\x86\x24\xd7\x17\xf6\x82\xe7\x70\x92\x8e\x5b\xf9\x92\x69\x3a\x19\x18\x8b\x6f\x62\xc4\xcd\x7e\x61\x04\xc8\xe9\xbf\x2f\x2b\xb5\x4b\x4a\xfd\xa2\x45\x56\x52\x45\x5a\x90\xb0\xf1\xa7\xe1\xe7\xa7\xff\xca\x4e\x7f\x1f\x9d\xb9\x64\xd7\xed\x32\x54\xe8\x97\x56\xe2\xed\x8c\x8a\x7b\x79\x27\x0c\xe8\xd1\xa0\x4c\x72\x6b\x61\xf0\xc5\xac\x82\x03\xec\x3f\xe5\x44\x98\x6c\xf5\x01\xfe\x73\x10\x4a\x0b\x67\xb7\x0f\x5a\x6d\x73\x24\x20\x1d\xa7\x35\xf5\x95\x28\x19\xbc\x64\x8b\x11\xc0\x4e\xc4\x09\xe3\xe4\x44\x3b\x12\xe2\xcb\x5b\x8e\x41\x3c\x60\xa8\x2a\xea\x86\x2a\x68\x9d\x6d\xdc\x57\x05\x7d\xa4\xb5\xbc\x53\xeb\x2b\x4b\x81\x8b\xe6\xb1\x59\xae\x97\x2b\x18\xc9\x22\x96\xc5\x8a\x43\x3e\x76\x65\xfb\xc6\x8a\xc6\xd9\x7c\xd3\xd4\x5c\xe9\x5e\xb5\x51\xfe\xe0\x7b\x90\xb9\xbd\xc1\x2f\xff\x98\x8c\x5b\xfa\x32\xae\xad\x37\xee\x97\x81\xe4\xe9\x3e\x58\xb2\xe4\x39\x79\xc8\x1d\xb4\x6c\xba\x83\xd2\xf6\xb3\x75\x9c\x22\xd8\x1c\x17\x70\xb4\xaa\xed\x51\xfb\x1d\xda\xa3\x93\x07\xfc\x44\xc3\x41\xf0\x64\x30\xa2\x51\x93\x86\x08\x36\x79\xe0\x10\x6a\x10\x00\xf0\x53\x15\xfb\x86\xd9\x64\x74\xea\xc8\xc3\x74\x32\x72\x85\xdd\xf8\xf5\x65\xc8\x48\xb2\xb4\xc2\x8f\x27\x80\xbe\xff\x48\xbb\x32\x09\x58\x63\xcf\x89\x62\x91\xbd\xcd\xb3\xf5\x29\xfd\xf1\x8d\x22\x9d\x43\xee\xec\xe5\xec\x6d\xa8\x0c\x6d\x8e\x75\xac\x01\x10\x3f\x1f\x73\xde\xaf\x8e\x67\x88\x36\x9e\xb7\xb1\x66\xea\x5b\xb7\x1b\xab\xd8\xcc\x52\x2c\x9b\x52\x95\x9b\x8d\x29\xc7\xf0\xb5\xf2\x87\xb2\x2c\xfb\x6e\x2f\x69\xd7\x90\x03\x27\x4e\x44\x07\x87\xa8\x49\x83\xc3\xaa\xbe\x2f\xac\x18\xe0\xb7\x61\xef\x72\x83\x06\xf3\xdf\x30\x67\x4b\x40\xfe\x59\xe7\xd3\xff\xda\x7d\x76\xbe\x7b\xf2\x9f\xbb\x4f\x9f\xc4\x86\x44\x6a\x8b\x35\x4d\xce\xc7\x12\x91\x1a\x0d\xe3\xb5\xd0\x74\xe7\x2d\x7a\x9b\xed\x72\x85\xcc\xf0\xd9\x24\x93\x6d\xa9\x8e\xcb\x0f\x2e\x3a\x4d\x10\xe1\x01\xdc\xb6\xe8\x8e\x91\xa6\xfd\x3f\x8f\x1d\xc9\xe5\x6b\x4b\x82\x8d\x00\xe4\xdd\x82\x24\xcb\x0c\xd1\x38\x6e\x4c\x09\xe2\x30\x9d\x6b\x34\x56\x88\x59\x1f\xd1\xd1\x7c\x96\x2c\x96\xdb\x8e\x6d\x6b\x9c\x68\x80\xc3\xa3\x0c\x66\xa0\xca\x98\x42\xec\x32\xe4\xac\x78\xdd\x29\x37\x73\x16\xb8\xfb\x5d\xa6\x33\x6d\x7c\x76\x6e\x55\x9f\xfe\x97\xd7\xc2\x4b\xc0\x0a\x5c\x9e\x9e\xaa\xcf\xce\xfd\xbb\x4f\x67\xd6\x5e\x4a\x57\xdd\xae\xfa\xbf\x97\x44\x61\x2f\xd3\x73\xa8\xf6\xab\x9b\xce\x65\xb3\x47\x10\xa5\x74\x17\x98\xb9\x30\xad\xeb\x07\x57\x86\x4b\x31\xd7\x01\x07\x33\xa9\x3d\xfb\x30\x07\x63\xab\x9d\x7e\x88\x83\xb1\x95\x7a\xfe\xc6\x1f\x2e\xe2\x06\x19\x90\x7d\xd7\x21\xbc\x4f\xd6\x5c\x67\xfb\x0f\x57\x39\x6e\x21\x98\x71\xdd\xed\xe6\x83\xef\xe9\xb2\x1f\xf3\x62\x7d\xa1\xb4\xd6\xf3\x47\x19\xa5\x7a\x36\xc1\xb6\x63\x30\xf4\xe9\xb7\xa7\xdd\xf5\xb2\xcc\xe0\x1e\x36\x39\xe4\x1e\x56\x7d\x40\xcf\x3b\x0e\x74\x40\x52\x1d\xc0\x06\x9c\xf3\xd7\xa4\xf5\xec\x1c\xc0\xf1\x17\x40\x16\x13\xd6\xcb\x41\x59\x8c\xbf\xd0\x61\x3f\xe0\xe7\x55\x73\xcc\x7a\x84\x00\xc5\xd4\x3b\x2c\x70\x5d\xb3\xbe\xfb\x2e\x61\xe5\x2c\x9b\x2f\x27\xed\xe6\x62\x6e\xfa\xa9\x94\xb0\x1e\x23\xe6\x4c\xf1\x3d\xbd\x36\xaf\x40\x84\x7d\xa5\x2c\x6d\xbe\xd9\x22\x9b\x7f\x41\x1f\xff\x3e\x0b\xfc\xc4\x58\xbf\x42\xc7\x1b\xdb\x07\x8d\x5c\x3c\x9b\x2c\x96\xeb\xea\x0b\x5d\xf5\x73\x2c\x4f\x6b\xfc\x32\x02\x18\xb8\xa3\x6d\x55\x57\x6d\x04\x4d\x35\x00\xdd\x31\x43\xaf\x74\x5a\x5e\x57\x2d\xfe\xd8\x07\xf4\x4b\xa8\x42\x22\x42\xf4\x8a\xd8\xff\x61\x4f\xac\x4f\xd9\x13\xeb\x8b\xcf\x9f\xff\xfd\xcb\x1f\xbe\xfb\xfe\xb7\x43\xa1\x2b\xbe\xb3\x96\x19\xde\x9a\x57\x96\xc2\x4a\x68\x78\x67\xd5\xd9\x99\x9a\x1b\x90\x9e\x17\xd1\x89\x83\x5b\xb5\x0e\x1f\x53\x86\xec\xa8\xf9\x12\x04\xba\xe0\xdc\x9c\x65\xbc\x60\xab\xe6\x91\xaf\xd7\x75\x8d\x5d\xc8\xf7\x75\x65\x99\x19\xcf\x2a\x0e\x16\x0b\xf6\xc8\x01\x46\x39\x58\x53\xc7\x7a\x85\xb0\xb7\xeb\x2b\xb3\x78\x8c\x65\x7e\xc3\x08\xdf\xe1\x3d\xde\x01\x1e\x37\x24\x4b\x43\x0e\x4a\x9d\xbb\x7b\x53\x64\x2b\x6b\xdd\x97\xac\xb2\x9d\xba\x87\x8a\xa3\x93\x3a\x88\xc9\xeb\x74\x3d\xba\x49\x6e\x13\xd7\x1a\xf8\x77\x61\xc4\x8d\x07\xa2\xbf\xd9\x9c\xff\x9f\x50\xc2\x46\xf5\x7e\xac\x40\x4d\xeb\xa8\x93\xda\x3e\xf4\x52\xcd\x37\x97\xd8\x0a\x57\x09\xa4\xa4\xb2\x7d\xb7\x9d\xb3\xf1\x4e\x1a\x6a\x16\x61\x0b\xc5\x6c\xf5\x12\x28\xdb\x34\x38\x12\x1d\xd4\xf7\x9e\x59\x6f\x34\x13\xce\xe4\x3d\x13\x6c\x1f\x04\xf6\xcb\x04\x82\x03\xb1\x0f\x79\xbd\xc6\x36\xf8\x7f\xd5\x61\x04\x88\xac\xbc\xbc\xdd\x6c\xbf\xe4\x31\xed\x30\x72\x53\xe9\xeb\x4f\x03\x3f\x84\xb2\x4d\x97\xc8\x61\x4e\x65\xaf\x5a\xd0\xd9\x59\x54\x5f\xb3\x7b\xb2\x91\xec\x83\xf5\xbe\x78\x78\xc1\x57\x83\xd2\x9b\xdb\x0f\xb8\x34\x94\x2d\xa4\xc6\xf0\xc1\xce\x00\xf1\xc7\x9c\x0c\x92\x8f\xad\xb4\xb6\xe5\x43\x6d\x72\x2e\x88\x8c\x4d\x86\xb5\x45\x55\x6c\x0e\xc9\x83\x4a\x62\x7f\x13\x13\x07\xdd\xae\x32\x76\x81\x29\xff\x7f\xf2\xae\xad\xb9\x6d\xe3\xbb\xbf\xff\x67\xf2\x1d\x48\x26\x95\x81\x10\xd4\xc5\x99\xf6\x01\x34\xc4\x49\x1a\x3f\x78\xa6\x4d\x32\x89\xd3\x4e\x47\x55\x1b\x00\x04\x48\xc8\x94\xc8\x48\x72\x1c\x8f\xa8\x7c\xf6\xee\xb9\xed\x1d\x24\x25\x67\xfc\xd2\x17\x89\x00\x16\x8b\xbd\x9e\x73\xf6\x5c\x7e\x87\x37\xfb\xd9\xce\x0d\xea\x08\x4f\x6d\xcb\x5d\xec\x6e\xfa\x1b\x14\x44\xb5\xd1\x7b\x3d\xfb\x9a\x9f\xf6\xee\x31\x7f\x1b\xeb\xc2\xf1\x7d\xdc\x17\x42\xd7\xa7\xf2\xe4\x70\xba\xa7\xd8\x1a\x34\x9d\xf9\x77\xf8\xe2\x4e\x95\x6d\xcf\xca\x71\x6b\x48\xfc\x15\x62\xef\x8d\xc2\x71\x1a\xd8\x3b\x15\x26\xfa\xc0\xbe\x1d\x32\xe0\xd2\xe3\xc0\x80\x7c\x87\x28\x8f\xb8\xc1\xc4\x27\xd5\x1a\x2e\xed\x65\x6c\x08\x49\x0f\x0b\x17\xd1\x5f\x18\xb7\xdb\x35\x5c\x64\x81\xde\x5e\xaf\x59\x47\x7a\x10\x56\x1c\xcc\x8e\x91\x6e\x43\x92\x1c\xeb\x2a\x9c\xbf\x4a\x39\xc7\x58\x8c\x59\xda\x98\xbb\x4c\xd2\xfb\x1c\x8c\x74\xef\xf7\xbc\xfe\xd1\xb6\xe9\xeb\xdf\xcc\xf5\x0a\xa1\xc2\x91\xb6\x53\x13\x31\x68\xf9\xd7\xcd\x1c\x32\x9b\x70\x3b\xad\xf7\xa1\x55\x7e\x05\x11\x4a\x83\x2b\x2c\x6e\xca\xf6\x64\x06\x1a\x92\x7e\x5e\x54\x32\x93\x77\xb6\xb7\xc3\xe7\x4b\x8a\xd4\xfb\x16\x59\x04\x06\x57\x27\xfa\xa6\x2d\x31\x94\x91\x55\x63\x34\x6d\xd2\x95\x60\x64\xe1\xb3\xc2\x3f\x43\x33\xa8\x34\x59\xb6\xba\x5c\x1b\xfd\x67\x44\x94\x76\x3f\x51\x05\x95\xfb\x02\xd9\x1e\x2a\x42\xff\xf3\xd1\x48\x9b\xf2\xe2\x0b\x5b\x3e\x64\x0c\xe6\x31\x92\xd5\x18\x83\xa0\x6e\xd9\x13\x14\x52\x34\x35\xf2\xe6\x00\xf0\x33\x0d\xc3\x37\x42\xdb\x53\x44\xb0\xd8\xde\x72\x64\xdf\x50\xc6\x41\x53\x58\xb2\xe3\xbc\x41\xf1\xf7\x9a\xbc\x10\xf8\xee\xfb\x5b\x10\x5a\x88\xdb\x2b\x7e\x65\x70\x98\xa2\xc3\x38\xf3\x49\xd9\x31\x45\x3d\x59\x84\x16\x11\x98\x45\x2e\x6c\xfd\x35\xe2\x0b\x2e\xde\x0a\xf2\x84\x97\xa1\xa0\x46\x4e\xdb\x99\x57\x32\xce\x38\xaa\x5e\xee\xb0\xeb\x94\x92\xe6\x80\xd3\x2c\x29\x19\x86\x91\xe5\xf4\x95\x59\x47\xd1\x35\x6f\xdb\xa5\xc8\x09\xc2\x11\x89\xdc\x1d\x95\x90\x4f\x07\x78\xd4\x7c\x02\x07\xdd\x33\x12\x8b\x67\x8e\xc4\x42\x46\x82\x9b\xe8\x92\x39\x8b\x50\x06\x74\xc1\x95\x57\xdd\x17\xed\x67\x7b\xbc\x7d\x10\x98\x05\x49\x18\x99\xca\xcf\xfb\xb4\xca\x8c\x16\x47\xa5\x3c\x0a\x0b\x50\x44\x02\x11\x85\x50\x60\x34\xa9\xb0\x0b\xdf\xdc\xfd\xf8\x47\x73\xdb\xae\xd6\x1f\xd0\x93\x80\x03\x07\xdc\x73\xbb\xa2\x2b\x19\xbf\xfd\x33\x62\x53\xf5\xbd\x3d\xec\x7b\x3d\xa4\xa9\x2e\xb9\xee\x77\x2e\x09\x9a\xee\xb7\x25\xac\xdc\x3d\x3c\x86\xe3\x4b\x9c\xec\x18\x91\xb2\xb0\x81\xe4\x47\x22\x8e\x12\xbd\x03\xdc\x83\x89\x37\x2d\x8b\xea\x18\xdd\xe2\x27\x08\x2d\x55\x56\x77\x09\x01\xcb\xa5\x8f\xf1\x81\x2a\x1c\x75\x0d\x4f\x1c\xa5\x98\x29\xa3\x7a\x13\xbc\x77\xdd\x94\x77\xef\x6f\x1b\x8b\x9f\x85\xc1\xf1\xfd\x9d\x46\x9c\xc9\x37\x37\xf7\x16\x01\xc6\xb1\x1d\xf1\x60\x4e\xc8\xb1\x1f\x51\x29\xcf\x4e\xf9\x58\xef\x2b\x76\xdc\x76\x33\xf2\xa6\x35\x19\x98\x24\xae\x6f\x71\xec\xfe\x70\x56\x8e\x23\x3d\x8f\x2d\x9b\x68\x27\xf7\x54\x1e\xeb\x8d\x57\xb7\x3f\xbc\xe1\x10\xee\x64\x80\x8a\x76\xd5\x40\x96\xc0\x32\xc0\x2a\x82\x89\xee\xcb\x84\x2b\x1f\x39\x3a\x0b\x49\xbe\xa4\x81\x99\x2c\x4e\x30\x29\xed\x65\xe1\x06\x32\x21\x28\xd9\xe9\xa5\xd0\x5a\x84\x3e\x2f\x15\x11\x75\xbc\xc1\xb1\x05\x53\xf3\x53\xfc\xc0\xf1\x22\xe6\x04\x4e\x0f\xf6\x2b\xb9\xa9\xb6\xbd\x71\xd7\x54\x5d\xaf\x81\x5e\xeb\x50\x62\x41\xd7\x62\x12\x9e\xfb\xf0\x2a\xa5\x36\xab\x7a\x26\x7b\xf4\xd3\xdb\xe9\x37\xee\xda\xed\x59\xd4\x33\x06\x7b\xa3\xfc\x25\xcd\x61\x3e\x3c\xf9\x92\x2d\x43\x60\x2d\x6e\x2c\x57\x72\x89\x17\x06\x65\x07\x58\x71\xca\x11\x5a\xd7\x83\x73\x74\xcb\x41\x5b\xae\x06\xcd\x55\xd9\xc7\x75\x62\xfc\xa6\x2f\x99\xba\x7a\x05\x4c\x3f\xc3\xa6\x98\x11\xfa\xcd\x07\x07\x21\xd0\xf0\x18\x0f\x76\x4e\x4d\xf6\xf9\x82\xaf\xef\xd7\xeb\xd5\x7d\xb7\xd9\x81\x62\x92\x34\xdb\xed\xf0\x64\xae\x46\xf9\x76\xfd\xd1\xf5\x8e\xc6\x04\x7a\x4e\x68\xb5\x54\x17\x89\xac\xee\x75\x88\x8e\xe8\xd2\xd1\x87\x86\xac\xc8\x10\x58\x1f\xb8\x16\x5b\x77\x9a\x1b\xb4\x78\x59\x77\x38\x65\xa7\x75\x07\x43\x6b\x09\x94\xc4\x8a\x73\x16\xd5\xbb\x1d\x1f\xed\x17\xea\x6e\x00\x6d\x4d\xf7\x0a\x71\x6e\x0f\xd6\x35\xfb\x8a\x64\x02\x8a\x86\x20\x1f\x48\xed\x0f\xdb\x00\xbe\x9f\x13\xc6\x25\xa5\xff\x5a\xdf\x42\xb6\xbf\xfb\xe6\x7a\x03\x62\x50\xfe\x02\x70\xb6\x07\x48\xb3\x0a\xdd\x8a\x81\x22\x58\x8d\xb9\x3c\x8f\x94\x99\x94\xb7\xb7\xeb\x0f\xea\xd1\x09\xe0\x74\xc7\x0a\x10\x04\xa5\x14\xc0\xbf\x2f\x32\x5e\x9c\x1c\x8b\x3c\x60\x98\x80\xfb\xee\x7e\xd5\x00\x4b\x9f\x37\xab\xf2\x63\x7e\x4a\xd9\xfa\x87\x67\x19\x3b\x67\x34\xd8\xe6\x3f\xba\xe6\x03\xe6\x9d\x7f\xd0\x3d\xa1\xd4\x6f\x22\x09\xe4\xa7\x5e\x48\x30\x8c\x6d\xe1\xc3\x4b\xca\xa1\x46\xa6\x55\x94\xcd\x94\x25\x3b\x30\x9a\xd4\x9e\x97\x3c\x5e\x28\x7a\xf3\x23\x5d\x27\x12\x73\xf8\x95\x34\xcf\x3d\x23\xc8\x5d\xb0\xe5\x97\x36\xa4\x73\xb4\x54\x3a\x8b\xde\xb6\x92\xe7\x39\xcd\xe3\x03\x46\x50\x5c\xc6\x87\x55\x09\xc1\x57\xdc\xb5\xf8\x80\xd4\x1a\x46\x18\x27\x05\x7e\xe0\xbc\xa8\x1f\x8f\x99\x2f\x85\x76\x8a\x63\x40\xe6\x7b\x00\x93\xd4\x8c\xd0\xb0\x11\x3f\x70\x57\x5a\x12\xc2\x03\xfe\x26\x8f\x7e\x1b\x50\xe1\xc1\xb5\x12\x03\x07\x95\xa2\x3e\x80\xe4\x06\xb9\x55\x07\x1f\x96\xcd\xcd\x00\x26\x11\x13\x82\xa9\x19\x56\xa7\x48\x3d\x57\xe3\xd1\x60\x7d\x83\xa8\x8a\x2c\xc9\x49\x7b\x06\x44\x64\x86\x9c\x1e\xc8\x0a\x8d\xd4\x9e\xfc\xec\x08\x6a\x80\x0f\xd1\x1a\xc8\xe1\xc2\xed\x64\x32\x95\x28\xa2\xe6\xa2\xbd\x04\xb9\x50\xbb\x18\x2d\xd2\xbe\xe3\xaa\xd5\xb4\x2c\x3a\x06\xae\x7a\x85\x58\x0e\x1f\x09\x75\xe6\xbb\xd1\x75\x79\xf3\x5e\x11\xf9\xa1\xfa\xd0\x03\xdb\xde\x05\xc7\x60\x31\xb3\x60\x07\xd4\x29\x9f\xd5\x6c\x60\x7e\x0f\xca\x20\xc8\x80\x94\x81\x54\xc3\x81\x37\x73\xb2\x1c\x8f\x9e\xda\x66\xfc\xb2\x6b\xdd\xb0\x2a\xec\x9e\x5e\x21\x36\x53\x14\x75\x8f\xd1\x17\x68\x47\xfc\x6f\x2c\x48\xc5\x2e\x9f\x3d\x68\xd2\xc2\x43\x68\xe8\x1d\x9c\x0d\x68\xa7\xb4\xdd\x9f\x6f\x81\xd6\xf8\x42\xb3\xda\xcf\xcc\x81\xef\x22\x02\x8f\xa1\xb0\xc1\x5b\x4c\x05\xa2\xf1\xd0\x61\x5b\xad\xcf\x04\xa6\x27\x16\x2b\x00\x17\xf5\x18\xc9\xe0\xd1\x51\x08\x15\x22\x4f\x12\xfe\x55\x3c\xa0\x89\x90\xaf\x32\x60\x9d\x72\x01\x4c\x3f\xd2\x49\x42\x3a\x0c\x9a\x2d\xa7\x1e\x30\x7a\x17\x61\x5b\x1d\xc9\x53\xe6\x02\xbc\xe7\x50\x0e\x70\xee\xda\xc8\xc4\x8a\xda\xd6\x17\xe5\xe5\x10\x10\xd9\x13\x48\xa7\x56\xcc\xd3\xb0\x5d\xb8\xaa\x22\x58\x5e\xd5\xc0\x22\x36\xf8\x0d\x8b\xd0\xcc\xaa\x1c\x0c\x5e\x8e\xa6\x26\x35\x52\x82\xb5\x0e\x75\xe3\xc9\x53\x12\x48\x90\x5f\x99\x5f\x91\x35\x5b\xce\x78\x41\xe0\xe0\x81\x5f\x05\x44\xae\xcc\xe9\x01\x9b\x53\x30\x80\x84\x49\xef\x85\xde\xc3\x80\x57\x8c\x19\x8e\x58\x6a\x13\xb0\x8e\x4b\x0c\xa3\xaf\x95\xc4\xb1\x49\x52\xcf\xd7\x57\x1d\xb3\xf0\xcd\xda\x92\x3e\x48\xdd\x65\xdf\x29\xb0\x6c\x9e\x38\x59\xbd\x6b\x9d\x75\x3c\x0b\xca\xaa\x3b\xb2\x07\x79\xb5\x79\x37\xd0\x32\x27\x1f\x12\x51\x28\x1e\x4f\x1b\x36\x10\x6a\x23\xcb\xde\xa3\xff\x21\xbc\x9f\xa6\xb9\x14\xf0\xf6\x68\x77\xf7\x86\x46\xed\xed\xed\x7b\x47\xcf\xe2\x24\xee\xb3\x39\x5b\xaa\xb5\xa0\x3c\xdc\xa5\x80\xa8\x0e\x4f\x0d\x78\xaa\xf3\x11\x24\x48\xff\x9f\xd7\x22\xf0\x8a\x1d\x8b\xf1\x8c\x7c\x5d\xad\x99\x48\x52\xc1\x2d\x38\x70\x89\xc1\x17\xf6\xaf\x31\x20\x65\x07\xae\x31\x6a\xb2\xbf\xc8\xc4\xc2\x12\xab\x18\x17\x19\xab\x65\x77\xf9\x43\x04\x41\x33\x72\x8a\x73\xa6\x54\x56\x99\x49\x8e\x97\x08\x66\x10\xcb\x98\x7d\xee\x26\x55\xaa\xcf\xea\xda\x0d\x39\x50\xfb\x39\x89\x2c\x02\x18\x73\xbf\x38\xc3\xeb\xc5\x4f\x94\xc3\xb9\x68\x8e\x8d\x50\xa4\x24\x1f\x3e\xd3\x6c\x12\x8d\xfd\xa0\x96\xd2\xaf\x6f\xbe\x4f\xac\x4e\x92\x56\xa6\xb9\xd7\x3d\x84\x48\x76\x3c\x83\x77\xa8\x57\xf5\x63\x77\x8c\x73\xa7\x3a\xd7\xd5\xb7\x5d\xd5\xcc\xab\x8f\xa6\xa0\xcc\x89\x3e\xb0\x80\xe3\x93\xd1\x73\xb3\x1b\x01\x0b\x40\x21\x8e\xb9\x53\x87\x3e\xe7\xcc\xe2\xb7\x2d\xe9\x19\x31\x27\x82\x21\xcb\xe3\xef\x29\xb9\xea\xe4\xbf\xef\x66\x90\xde\x65\xa6\xfe\x9f\x74\x19\x78\x2e\xe2\xc1\x74\x99\x4e\xaf\xd4\xe6\x59\x16\x4b\xad\x6e\xe8\x40\xbf\xa0\x48\x32\x65\x95\x69\x0d\xda\x2c\xaa\x2e\xed\xf4\x1b\xd9\xbc\x53\x82\xa7\x3a\xe7\x8c\xaa\xd5\x5a\x09\x95\x8f\xa9\x8d\x90\x10\xdf\xc1\x74\xae\x76\xda\xa9\xcf\x46\x90\x87\xd2\xb1\xab\x04\x25\x08\x51\xcc\xf8\x02\xbb\x87\x88\xbe\x58\x3b\x7a\x83\xbc\xa1\x9c\x05\x0f\xd3\xf2\xce\xc4\xd9\x9a\x6c\x37\xab\x22\xc0\x82\xb8\xb6\x6f\xb1\x56\x5a\xad\xd0\x2b\xda\x5a\xe0\x23\xb9\x0e\x6b\x72\x0f\x54\xe9\x54\xad\x81\x6a\x7d\x7f\xbf\xbe\x56\x2b\x60\x79\x74\xf4\xee\x98\xae\xc6\xd7\xe7\x6b\xfe\x39\xc3\x71\xa7\x83\x2e\x97\x81\xb4\x1f\xd7\xaf\xd6\xf0\x7f\x26\xaf\x0b\x70\x09\x17\xc1\x8b\xf1\x4a\xd5\x82\x01\xb3\x1a\xdd\x04\xff\x71\x19\xcc\x09\xb2\x52\xf5\xc0\x8f\x19\xbf\x9f\x2f\x33\x17\xa5\xe2\xc6\x99\x43\x54\x36\x6c\x74\xbf\xfe\xb5\x5c\xd5\x68\x74\x98\x73\x46\x9b\x65\xf6\x2e\x5b\x65\xd7\x12\x2c\x04\xa8\xd0\x3f\xc9\xaa\x4b\x36\xd9\x92\x86\xf8\xf7\x50\xf7\xd8\x58\x44\x6e\xda\xec\x8a\x8f\x1c\x8d\x1b\x9a\xad\xac\x09\x94\x13\x4c\x31\x4b\x8a\x6a\x55\x0c\x2f\x69\xf6\x58\x5d\x14\x71\x08\x2d\x2e\x6d\x8f\x91\xe5\xf7\xa7\x39\x23\xfc\x1e\x20\x79\xb9\x03\xe2\xf9\x3f\x1a\x7b\x28\x93\xac\xa6\x98\xfb\x8b\xae\xb5\x6f\x71\x6c\xe1\xc2\xe8\xbe\xe7\xa4\x1c\xa6\xbc\x14\x13\xda\xb0\x67\xa7\x10\xbb\xd3\x53\x84\x13\x43\x81\x42\xbc\xbb\xfb\xa1\xfc\x21\x59\x80\x5e\x6a\x81\x9e\xc7\x78\x0d\x0e\xe3\x8a\x1a\x9c\x52\x94\xd5\x66\x5c\x2c\xb2\x8a\x93\xd5\x2c\xb3\x32\x4c\x69\x04\xcd\xcb\xcc\xf1\x00\x13\x2e\x39\x79\x94\xe6\x86\x6c\xa0\x35\xe1\x16\x2c\x0e\x60\xa4\x5c\x6f\x38\x69\x8d\x73\x9b\xcc\x0c\x30\x8e\x15\xa0\xb7\xda\x18\xb1\xc6\xfc\xd6\x85\x03\x75\x15\x0e\xd4\x94\xf7\x50\x7d\x74\x74\x35\x04\x24\xeb\xa4\x32\x89\xa5\xc6\xed\xe4\xca\xdf\xff\xff\xc1\xdb\x94\xec\x38\xcd\x5c\xc9\x29\x8a\x80\xd5\x59\x05\xa9\xbc\xd2\x29\xed\xa0\x99\x0c\x07\x5d\xe6\x3c\x4c\xb8\x4b\x19\x1f\xe7\x44\xfd\xdc\xd2\x3e\xd5\xf1\x4a\x8a\x7c\xac\x66\x2f\xbf\xe6\x5d\xd8\x8c\xbb\x1c\x2e\x60\x67\xb7\xe3\xab\xec\x46\x3d\x1c\x59\xdd\x81\x04\x27\x56\x4f\x46\xd3\xb9\xe4\x18\xaa\xb4\x57\x11\x12\xeb\x6f\x41\x77\x95\x5c\x67\xd0\xf9\x8b\x9b\xcb\x6c\x15\x18\x18\x4c\xb1\x20\x97\x1f\xed\x59\xac\x81\x88\x7b\xad\xe9\x06\xaa\xd9\xfe\xf9\xf4\xeb\xe4\x6c\x52\x9e\x54\xe9\x78\xf4\x4f\x23\x5d\x84\xe8\x13\x16\x04\x4e\x11\x18\x6d\x98\xb1\xf6\xd8\x01\x69\xa9\x57\x7a\xd0\xf9\x14\x0b\x9a\x7d\xf2\x85\x75\xb5\x6e\x8c\x27\x24\x8c\x00\xd4\x69\x33\x42\x3a\xa6\x84\xba\xa3\x4b\x18\x92\xd2\xb5\xd3\xc2\xb6\x46\x11\x7a\xbd\x19\xd0\x3c\x0c\xa0\xb9\x03\x36\x09\xed\xf1\x22\xb3\xa2\x91\x48\xee\x1f\x3a\xd4\x0a\x51\x53\x98\x25\x66\x8d\xef\xac\xf5\x6d\x5c\x5c\x88\x46\x42\x19\xca\xc6\xc6\x58\x47\x96\x11\x94\x25\x35\x16\xe4\xcd\xed\xf9\xb0\xc5\x84\xf1\x38\xff\x5b\x00\xc2\x7a\x4c\x8e\xd2\xf2\x6e\x7b\x30\x80\x7a\x7b\x38\xf5\x9c\x3f\xd1\x09\x50\x14\x09\x31\x0d\xb4\x37\x67\xa2\xfd\xd8\x63\x6b\x9e\x26\x12\x44\x8a\x7a\x59\x94\x6a\x82\xe4\x95\xb6\x01\x46\x2c\x6a\x13\x2e\x9f\x72\xc2\xf5\x9e\xe7\x59\x58\xbd\x0e\x07\xe2\x12\xc1\x06\x31\xb2\x75\x1f\x88\x9a\xd9\x14\x81\xd6\x43\xe4\x0a\xd7\xeb\x11\x12\x8a\xba\xfd\xe6\xa3\x1e\x65\x4c\x1b\x7d\xf7\xe3\xf7\xff\x45\x31\x85\x14\xe8\x83\xd8\x30\x7d\xc6\x5f\x42\xf6\x6e\x48\x8e\xc0\xcc\x70\xb6\xf2\xa7\xc9\x1e\xf0\x41\xde\xb0\x85\x98\x32\xbd\x65\x04\xcf\xa1\xee\xd2\x76\x9b\x60\x96\xb8\xc7\x54\xdc\x51\xe7\x33\x37\x6d\x9b\xa2\x9a\x3a\xb5\xda\xa2\xe0\x9c\x5e\xf9\x7c\xd6\x6b\xaa\xd6\xbe\xb3\xdb\xad\x67\xb3\xd5\x59\xbf\x2a\xcb\xc1\x56\x8d\xdc\x12\x3e\x4a\x6d\x35\xbe\x5e\x78\xad\xbe\xc9\xcd\x35\x0f\xe8\x86\x7a\x2f\xc7\x1c\xae\xda\x3e\x68\xf7\x1c\x72\x3a\xfa\x50\x8b\x11\x99\xc8\x23\xb3\x26\x94\xc3\x48\x7e\xe5\xcc\xa4\x75\x1b\x57\xfc\x71\x3b\x83\x9b\xba\x89\x4d\x3d\x79\x39\xa9\x4f\x5e\x3e\x8a\x34\x68\xbf\x37\x99\xef\x7c\x81\x05\xbf\xe8\x97\x54\xa1\xf9\xc9\x4b\x27\x63\x5c\xfd\x98\x1f\x54\x50\xbe\xf3\x18\x0c\x43\x94\x79\x46\xc6\x82\x68\x9c\x97\xc5\x4f\xbb\xe5\x18\x51\x99\xa7\xa0\xe1\x15\xd4\x63\x8a\x88\x5b\x0d\xd8\x8a\x02\xa6\xff\xc5\x7e\x99\x1c\x22\xe8\x70\x31\x6f\xa1\x39\xcc\xb1\xcb\x54\xb4\xd6\x34\xda\xed\x44\xb2\xb7\xa9\xc3\x94\x48\x10\x72\x6b\x3c\x9f\x2e\x5f\x2d\x50\x3e\xc7\x85\x5f\x2c\x28\x77\x65\xde\x9d\x2f\x28\x7f\x25\x0f\x28\xec\x27\x53\x40\xdf\x9e\x74\xe4\x94\xc3\x41\x65\x3c\x27\x6d\xf6\x8e\x7f\x8e\xdb\x71\x3d\xbd\x7a\xb5\x20\x01\x84\xb6\x5c\x41\x57\x93\xab\xfc\x9d\xfa\xc8\xad\xae\xdd\x7a\xa6\xea\xc7\xc9\x9a\xbc\x93\x88\xc2\x41\x13\xcc\x5b\x9c\x8e\xfa\x68\xf8\xa2\x4b\xe5\xa1\xd6\x1b\xc4\x0d\xe5\xf6\xc9\xe7\x76\x9b\x44\x8e\xbc\xa0\x06\x51\x8f\x67\xfc\x9f\x0e\xb5\x98\xea\x3c\xe7\x5b\xe1\x26\x53\x67\x78\x27\x4e\x64\xbe\x1e\x94\xe3\xe2\xaf\xbf\x92\xb3\xe6\x5f\xbe\x26\x01\x12\x72\x93\x5f\x83\x15\x9b\x72\x11\x6a\x32\xa1\xde\x66\x2a\xf2\xdd\xc7\x37\xe0\x58\x60\xe0\x85\xbc\x70\x94\x6e\x13\xc5\x26\x01\x0e\xac\xf1\x3b\xa1\x90\x87\xce\x20\x16\x48\x25\x56\x0f\x0b\x73\xca\xe0\x40\xc1\xc0\x5e\x64\x9b\x7d\x7e\x93\x77\x5d\xd3\x11\x28\xd1\x3a\xf5\x5f\x0d\x56\xf3\x67\x59\xdf\xaf\x3e\x0e\xce\x40\x98\x51\xe2\xfb\x1f\xcd\x6a\xc0\x73\x32\x1c\x79\x7c\x5f\x7d\xd5\x3b\x7e\xb8\x62\x9f\x87\xb2\x4b\x4f\xad\xdf\xcc\x45\x48\x43\xeb\x49\x63\x64\x24\x0d\xdc\xab\x41\x29\x14\xb8\xad\x18\x7b\xa4\x5b\x9c\x23\x2e\xfb\xcb\x9f\xc5\xe2\x83\x5e\xf3\xd3\xde\xb7\xec\xab\xdd\x01\x46\x0e\xca\xef\x94\xd2\x72\x1f\xaa\xef\xcc\x3e\xbb\xa2\x53\x89\x85\x33\xa3\xd5\x3c\xae\xc9\xcd\xd3\xbb\x11\x51\x62\xd6\x64\x87\x50\x87\x0e\xb5\x9f\xe8\x54\x5c\xa7\xb4\xb7\x42\xd5\xfb\xcc\x14\xc9\xcd\x8b\xde\xbc\x91\x3f\x43\x8f\xef\xb3\xa3\x2b\xe5\x05\xc4\xea\x52\x12\xe7\x40\x3b\xe9\x7a\x3f\x3b\x0e\xe1\xaa\xdb\x25\x0d\x31\x0b\xa1\xdf\x9b\xf1\xe0\x07\xe0\xe7\x8c\x9b\x90\xfe\x1b\xf1\x9b\xae\x49\x4c\x2c\x65\x45\xcb\x95\x36\x63\xa3\x7f\xb2\x9b\xca\x81\x97\xf5\xd4\xbe\x10\x8f\x22\xbe\x8c\xf9\x14\xc9\xa3\xfd\x5e\x45\x52\x27\xfb\x15\x7d\x36\x1f\x95\xcd\x7a\x83\x1a\xee\xbf\xc9\x47\x45\xaa\xfb\xdb\x7c\x54\xc8\x49\x44\x57\x4b\x4e\x22\x04\x7b\x65\x46\x2d\xb4\xb1\xff\x44\x2f\x98\x9c\x7b\x32\x13\x57\x77\x80\x1c\xb2\x2b\x15\x8f\x2d\xc4\xf5\xcd\xaf\x89\x8e\x7d\xb0\x7c\x4d\xc4\xd7\x4e\xcc\xb1\x82\x35\xc0\x89\x48\xc1\x35\x30\xea\x7c\x22\xbd\xdb\xe5\x7c\xe2\x3a\x9d\x2c\xbf\xf1\xde\x65\x0e\xaa\x9e\x2f\xbf\x39\x8f\xd4\xad\x63\x45\x5d\xaf\x94\xc7\xd4\xde\xb8\x87\x75\x5d\x17\x4f\x5d\xa7\x53\x67\xf5\x7f\xba\x89\xf9\xb9\x8a\x01\xcb\x8a\xab\x35\xf6\x46\x59\xe0\x0e\xd7\xa1\xca\x02\xef\x65\x13\x77\x6b\x60\x8c\x8d\xd6\x1b\x81\x8d\x62\x15\xfb\x1b\xa0\xd6\xdf\x22\x25\xb6\xf9\x68\x1d\xd7\x50\x44\xd5\x13\x03\x3e\x7c\xc7\x3b\x88\x9f\x06\x03\x48\x7f\x01\x6d\x2d\x7a\xde\x99\xd3\x60\x6a\xeb\xe1\x0e\x8f\x3c\x3b\x27\x52\xcb\x8c\x55\x5c\x66\xb4\x25\x46\x3d\xf4\x71\x51\xb1\x3a\xe6\x02\x33\xfd\x8b\xb3\xb9\xa3\xb8\xa8\x6f\xfa\xee\xe8\x9f\x2e\xf7\x88\xbc\x63\x33\x0d\x1e\xea\xa9\x7d\x21\x4c\x83\x2f\x63\x4c\x43\x1e\xed\x67\x1a\x52\xe7\xf3\x98\x46\x6d\x52\x9c\xed\x8a\xa2\xa7\x23\xcb\x6b\xed\x16\x06\x8e\x61\x18\x66\xeb\x14\x9e\xd1\xc9\x38\xf7\x9d\xc6\x6c\x92\x52\x85\x29\xd2\xc4\x53\xa5\xf0\x44\x64\x0e\x86\x1b\x8d\x52\x25\xf5\x02\x42\xcc\x60\xd5\x0d\xce\x01\x71\x83\xca\xe1\xc9\xf9\xae\xb8\x60\x9b\x16\x95\x37\xd7\x84\x2f\x4d\x02\x53\x10\x8d\x4f\x3a\x52\x8d\x51\xe7\xf4\x0f\xbd\x9a\xe8\x0e\xe8\xcc\xe8\xd7\xdd\xe6\xa3\x9f\xdf\xe4\x76\x5d\x37\x77\x77\x8e\x43\xd0\x6d\xd3\x2a\x46\xb3\x14\xad\x14\x17\x09\xa0\xa2\x9e\xc9\xa7\x4d\x4b\xa2\x9c\xba\x3e\x3a\xaa\xbd\x4c\x3c\x56\xdb\x89\x19\x57\x3b\x98\x71\x0d\xcc\xb8\x26\x04\xdd\x2a\xe0\x8e\x95\xe5\x68\x49\x43\x9f\x9f\x9d\xc2\x7c\x3a\xbb\xfc\x17\x7b\x74\xfb\x36\x93\x33\xda\x7e\x6c\xc7\x76\xab\x73\x53\x9b\x75\xe9\x17\xca\xf6\x28\x7d\xa8\x54\xea\x36\x8f\x27\x27\x34\x70\xe3\x90\xd4\x85\x24\xb5\xce\xe6\xc5\xe9\xf4\xa0\x25\xe6\xac\x25\x21\x81\xf6\x10\xa0\xb8\xa9\x53\x78\xc7\x7b\x4f\x70\xcf\x26\xb3\xbd\x4e\xdd\xe7\x2e\x4a\x4b\x51\xe5\x44\xfd\x23\xed\x71\xf6\x51\x1a\x4b\xc2\x5f\xd9\x28\x63\xbc\x40\x8c\xeb\x78\xe5\x3b\x99\x9f\xfc\xcf\x97\xc7\x96\xeb\x37\x40\x99\x09\x2d\xc6\xf4\x9e\x02\xd1\xd4\x06\x2e\xd8\x17\x17\x2d\x2e\x22\x54\x56\xcc\xb3\xe6\xf2\x72\xbb\x25\x61\xfa\xf8\x4e\x09\xd6\x89\x2b\xdf\x09\x25\x53\xe3\x30\x81\xe3\xfc\x63\x88\x91\x26\x6a\x3f\xb5\x9d\xde\xdf\x91\xbb\x15\x8c\x5a\x26\xf1\xfe\xf6\xfd\xb3\x4b\x8c\x5c\xac\x9c\xd4\x13\xb8\x07\xfb\xb5\x15\xbd\xc3\xec\x82\x21\x52\x23\x2c\xc9\xc2\x9b\xe7\x79\x11\x29\x3e\xae\x27\xb1\x8f\x88\xe6\x50\x62\x1a\xb9\x83\xda\x19\x81\xfa\x25\x7a\x28\x9b\x90\x69\x77\x0b\x7b\xe9\x0d\xc1\x5c\xe5\xd1\x9f\xea\xbc\x10\x77\x87\xc1\x62\x58\x24\x65\xd1\x5e\xb4\x1a\x41\xe8\x52\x5c\x34\xb0\x6e\xc8\x7f\x59\xa2\x4e\x6b\xa1\x84\xfd\x57\x00\x05\xe7\x24\xaf\xe8\xa1\xa4\x78\x88\x4b\xc8\xcd\xb4\x34\x0e\xa4\x25\x38\x90\xaa\x4f\xb6\x17\x25\xe4\xc7\x3e\x2f\x1a\xfc\x91\xe8\xbc\xf0\xea\x7a\x7c\xa6\x56\x05\x7c\x09\x7e\x05\x6d\x81\x37\xbd\x59\x94\x67\xce\xb9\x3c\x6c\x5c\xe5\xb6\xcc\x42\x67\x95\xcd\x31\x7e\xe1\x02\x6f\xbf\x18\x57\x08\xd3\xcd\xd0\x97\x56\x31\x02\xf3\xe6\xe7\x90\xc5\x17\x99\x1e\x01\x3a\xa8\x35\xbf\xea\x46\xb1\x6c\x0c\xd3\xb9\x60\x3e\xf8\x20\x3f\x06\xd7\xcc\x4d\x99\xb7\xea\x2c\x18\xba\x58\x1a\xc6\xec\x8b\x7f\x58\x71\x0d\x32\x12\x2e\x6b\xf2\x86\x0b\x07\xc0\x0d\x5e\xf7\x48\x04\xf7\xe3\xd7\x9b\xfb\x6e\x15\xe3\xbb\xd9\xbe\xbc\x1e\x8e\x94\xa3\x1b\x32\x75\x2f\x45\x9c\xd1\x37\x1c\x59\xa7\xf2\x1f\xee\x97\x76\x4c\xcd\x26\xf8\xc6\x87\xfa\x77\x46\xc6\x86\x6b\x8a\x24\x00\x80\x9a\x04\x00\xb9\x0f\xfd\x5f\x93\x4e\x01\xb2\xac\xb2\xea\xd3\xd0\xff\x9f\x1b\x4b\x52\x56\x94\xb4\xda\xbb\xe7\x1c\xb4\x0f\xc1\xc6\xaf\xc3\x6d\x64\xe3\x24\x3d\x35\x02\x63\x9f\x03\x99\xfd\x81\x0c\xd0\x3a\xf5\xda\x7f\xbf\x62\x5c\x35\x7b\xa7\xa4\x00\x51\x12\x30\x29\xcc\x8c\x85\xd9\x32\x3c\x66\x35\x2f\xe6\x7d\x09\x33\x34\xb0\x27\x00\x38\xcb\xb6\xc4\x8d\x1b\x49\xd7\xc3\x56\x86\xda\x4d\x6b\x93\xab\x52\xf7\x4a\xe6\xa4\x24\x08\x9e\x39\x15\x07\xdf\x47\x47\x41\x2e\x66\x1b\x5f\xc5\x6d\x2e\x56\xba\xc1\xd2\xd0\xb7\xc6\xc6\x62\xaf\x6c\x3b\xec\x30\x6e\x88\x45\x04\xc5\x7e\x54\xea\xa5\x0d\xc8\x2b\x94\xb5\xb2\xc9\x0e\x20\xa5\xa6\x99\x5b\x60\x99\x2d\x35\x66\x8d\xbd\x61\x4c\xeb\x1e\x60\xa2\x73\xcb\x22\x8d\xdd\x8a\x8e\x41\xe5\xbf\xa4\xfd\x73\x22\xef\xd0\x48\x3c\x22\x88\x72\xbd\x9b\xf2\x67\x4a\xac\xb0\x4c\xee\x2d\xe6\x37\x8f\x12\x29\x9e\xcb\xf3\x81\xbb\xc2\xd4\x29\x62\x0f\x75\xa3\x13\x7c\x14\x3c\x19\xda\x0e\xa4\xa2\x17\x31\xbb\x8a\x10\xf1\x67\xd4\x04\x2e\x39\x33\xb4\x71\x38\x4e\x2b\x95\xe7\xdc\x02\x27\xda\x40\x4d\x00\xb0\xfc\xfb\xf9\x50\x75\x38\x13\x7a\xf6\x78\x9c\x22\x4a\x91\xe4\x94\x5f\x28\x72\xa6\xa7\x44\x27\x00\x5a\x16\x4d\x6f\x06\xb4\x85\x6e\x6d\x98\x86\x7d\xbb\x1d\x0e\xad\xfa\xe8\xa6\xd8\x50\xa6\xe6\xcd\x65\x6f\xbe\xf6\xf6\x69\xee\x06\x2d\x66\xa6\x0f\xdc\x1e\x5c\x2d\x71\x59\x4d\xe5\x87\xd6\x0e\x97\x55\x54\x33\xac\x6e\x1f\xa0\x15\x56\xf5\xf4\x27\x1a\x8a\xc4\x5c\x72\xb4\xa3\xb0\x10\x82\x12\x4f\x77\xe4\xe1\x81\x76\xf4\x06\xa9\xd2\xf4\x06\x99\x78\x76\xbe\xb3\xe9\x90\x9d\x66\x9f\x31\x59\x7c\xd9\xb6\xdd\x9f\x07\xe7\x8a\xa7\xd2\x4f\x51\x50\xef\xca\x0e\x7f\x60\x2a\xf8\xaf\x58\xe6\xf4\x4d\x81\x6c\xd2\x71\xb5\x0e\xd8\x42\x6b\x84\xdd\x24\xa9\x10\xdc\x2f\xb6\x69\x81\x40\x72\xa6\xe7\xf0\xd7\xff\xb3\xbb\x5f\x22\xa3\xfa\xb7\xf5\x7a\x13\x8d\x6e\xb2\xb0\x13\xb1\x5a\x27\x18\xf4\xfd\xcd\xa6\xb3\x61\x10\x37\xe0\x82\x25\x5e\x0d\xd6\x59\xc1\xfe\x64\xd2\x23\x61\xfc\xfc\xfa\x97\xd7\x6f\x8b\x11\x7e\x64\x80\x7f\xc1\x3d\x91\x7f\xb1\x23\x84\x13\xf0\xc9\x7a\x88\xd3\x8c\xc6\x30\x27\x49\x30\x50\x3d\x7a\xe9\xf2\x3d\xb7\x02\x7b\x6e\xec\xe3\x9f\x9c\xc6\x6c\xcb\x93\x78\x9f\x38\xef\xc8\x69\x0e\xb8\x38\xf4\x18\x8f\x63\xec\x7d\x61\x8f\x9a\x9c\xa9\xea\xf3\x86\x1d\xe2\x86\x98\xef\xd3\xf8\x78\xc4\x4a\x73\x8d\xb3\x66\x6c\xc6\xfb\x55\xd1\xa2\xe3\xc0\xf0\x2c\xd7\xbe\xbd\xe5\x64\xae\x8e\x5a\xe3\x85\x7d\x93\x5d\xc8\xc9\x3d\xc7\xae\x3c\xeb\x8a\xe5\xac\xc9\xb1\x96\xec\x4a\xfd\x5e\xe4\xd5\xd4\xfd\xe0\xd1\x51\xad\xea\xe3\x86\xd2\x3d\x25\x67\x75\xe3\xab\xf3\x42\x7d\xca\xf8\x14\xfb\x06\x58\xf0\x9a\xb0\xd7\x80\x6b\x1d\x0f\xd6\x88\x73\xd0\xb4\x1f\xec\xc8\x10\xc3\x2b\xc5\xe1\x53\xb4\xfd\xa7\xb6\x4a\x39\x32\xa5\x7e\xbe\x7e\x99\xd2\x69\x5f\x2b\xd8\x93\xa3\x8c\x80\x6b\x44\x37\x90\xdd\x5d\x2b\x60\x63\xdf\xee\xcd\xce\x62\xf0\x1d\xa1\xe7\x96\x19\x43\xdd\x05\x57\xff\xe2\x88\xdc\x06\x2e\x66\xa7\x92\x02\x09\x29\x2c\x84\x56\xfd\xa7\x69\x55\x4b\x5c\x6b\xe1\x6c\xb6\xa1\x2b\xf2\xf5\xc4\xfa\x49\x3a\x15\xfa\xab\xbd\xe5\x20\xfc\xad\x2d\xd4\x47\x14\x7d\x0d\xd5\xf5\x0d\xfa\x8b\x61\x03\x3c\xcf\xfc\x68\xf1\x16\x2b\x93\x76\xfa\x6f\xf0\x82\xd7\x2a\x1a\xd8\xf8\xc9\x42\xed\xf7\x46\x91\x77\xad\x3b\xe1\x4d\x30\x2c\x96\xe9\x03\xad\x6c\xb3\xb5\x7c\xa4\x1d\x74\x84\x46\xcf\xd6\x91\x76\x24\xe6\xd5\x36\x4e\x96\xb3\xd1\x64\x34\x06\x6c\x97\x54\xed\x22\x11\xf8\x21\x12\xd4\x70\xa4\xfe\xbc\x32\x57\xea\xa5\x9d\xb0\xe1\x0e\xc9\x5d\xda\xf4\xd6\x0a\x08\x98\x49\x67\xed\x5d\x97\xa4\x79\x18\x88\xbf\x67\x0f\x75\xc6\xdf\xb4\xd3\xa7\x29\xee\x6a\x36\xe2\x66\x80\x2e\xde\xea\xdc\xa3\x13\x99\x10\xdd\x5b\xe8\xb5\xb5\x98\x54\x93\x16\x64\x7b\x5b\x52\xc2\x3a\xa6\xe6\xa7\x48\x4b\xc4\xbb\x22\xf2\x12\x3d\xd8\x2f\x31\x51\x6d\xfd\x0a\x82\x1d\xaa\x00\xea\xd7\xde\x3c\x80\x26\x8b\x40\xaa\xdd\xac\x0b\xf9\xb1\xdd\x2a\xfe\xcf\x14\x93\x6f\x7d\x87\xa3\x84\x48\xa4\xec\x0d\x4f\xe3\xe6\x15\x48\xbd\xd7\xde\x02\xa0\x9a\x79\x07\x9c\xc0\xac\x47\x5a\xd2\x03\x66\xe6\x28\x22\xa6\x5f\xfc\xe3\xd5\x09\x38\x12\x6f\xee\xcf\xe1\x27\x18\x00\xd5\x8f\xff\x0b\x00\x00\xff\xff\x14\xca\x23\x66\x02\xbf\x03\x00") + +func templatesAnalysisTemplate1HtmlBytes() ([]byte, error) { + return bindataRead( + _templatesAnalysisTemplate1Html, + "templates/analysis-template.1.html", + ) +} + +func templatesAnalysisTemplate1Html() (*asset, error) { + bytes, err := templatesAnalysisTemplate1HtmlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "templates/analysis-template.1.html", size: 245506, mode: os.FileMode(438), modTime: time.Unix(1460562711, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + +var _templatesAnalysisTemplateHtml = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xdc\x5a\x7d\x6f\xdb\x38\xd2\xff\xff\x01\x9e\xef\xc0\x55\x6e\xe1\x74\x2f\x92\x5f\x92\xba\xa9\x6b\xfb\xd0\x4d\x1b\x74\x81\x5e\x77\x71\x2d\x16\x38\x14\xc5\x82\x96\x68\x89\x08\x2d\xea\x24\xba\x49\xce\xf0\x77\xbf\x21\xf5\x46\x4a\x94\xe4\x06\x77\xc5\xe1\xd0\x26\x96\xc9\xe1\x6f\x86\xf3\x4e\x2a\xcb\x1f\xde\xfc\x7a\xf3\xe9\xef\xbf\xbd\x45\x91\xd8\xb1\xf5\xff\xff\xdf\x52\x7e\x22\x86\xe3\x70\xe5\x90\xd8\x81\x11\x84\x96\x11\xc1\x81\x7a\x82\x67\x41\x05\x23\xeb\x77\x8f\x09\x49\x7d\x86\x69\x8a\x52\x92\xf0\x54\xa0\x05\x3a\x1c\xbc\x5f\x76\x38\x24\x1f\xf0\x8e\x1c\x8f\xcb\x71\x4e\x99\x2f\x2b\x16\x33\x1a\xdf\xa1\x28\x25\xdb\xd5\x28\x12\x22\xc9\x16\xe3\xf1\x96\xc7\x22\xf3\x42\xce\x43\x46\x70\x42\x33\xcf\xe7\xbb\xb1\x9f\x65\x7f\xd9\xe2\x1d\x65\x8f\xab\x5f\x13\x12\xff\xf9\x23\x8e\xb3\xc5\xd5\x64\x72\x31\xcf\x7f\xa8\xc0\x8c\xfa\x17\x57\xd5\xd3\xa5\xfe\x34\x02\x99\xd8\x6a\x94\x89\x47\x46\xb2\x88\x10\x31\x42\x02\xe4\x5d\x8d\x04\x79\x10\x12\x7b\xb4\xd6\xe5\x91\xc4\x4e\x4d\xec\xe4\x02\x3a\xa5\x80\x3b\xfc\xe0\x07\xb1\xb7\xe1\x5c\x64\x22\xc5\x89\xfc\x22\x65\x94\x82\xbb\xf8\x9e\x64\x7c\x47\xc6\x57\xde\xdc\x9b\x4a\x68\x63\xd8\xdb\x51\xa0\xcd\x32\xc7\xd4\x82\xe2\x55\x0c\x21\xb4\xe1\xc1\x23\x3a\x94\xdf\x10\x52\x00\xf9\xe6\x17\x68\x24\xb7\x8f\xe4\xf6\x47\x17\x28\x83\x0f\x37\x23\x29\xdd\xbe\xaa\xc9\x77\x38\x0d\x69\xbc\x40\x13\x6d\x2c\xc1\x41\x40\xe3\xd0\x1c\xdc\x60\xff\x2e\x4c\xf9\x3e\x0e\x16\x28\x8c\x78\x26\xee\x23\x2a\x48\x7b\x95\xbb\xe1\x42\xf0\xdd\x02\xcd\xc8\xae\x9a\x3d\x96\x0f\xe5\xe7\xf8\x27\xf4\xe9\x31\xe1\x21\x28\x24\x7a\x44\x3f\x8d\x9b\xf3\x1e\x58\x33\x68\x6d\x2b\xa3\xff\x24\x0b\x34\xf5\xae\x06\xa0\x43\xc6\x37\x58\xba\xe1\x23\xdf\x0b\x0d\x1d\x14\x1f\x0b\x4c\x63\x92\xea\xd0\xf5\x76\x61\xc3\x35\x4e\x0b\xd8\xf3\x41\xa8\x74\x4b\x1f\x16\x78\x2b\x4c\x08\x89\x4b\x62\xb1\x70\x1c\x4d\x21\x01\xcd\x12\x10\x61\xb1\x61\xdc\xbf\xd3\xc6\x15\xcc\x02\xd4\x14\x75\x6f\xc2\x4b\xf9\xbd\xce\xa0\x32\x13\x72\x67\x93\xe4\xa1\x7f\x61\x5b\xbe\x52\x14\x64\x97\x05\xf5\x0b\xf3\x19\x22\x35\xcb\x7e\x5a\x39\x3e\x67\xae\xf3\xa5\x43\x77\x86\x5c\x60\x30\xc6\xb1\x58\x20\x46\xb6\x42\xf7\x22\xfe\x20\xad\xa8\x96\x6c\x78\x1a\x90\x14\xfc\xa5\x6f\x3b\x92\xe5\x5c\xe7\x78\x4f\x03\x11\x2d\xd0\xf3\xc9\x8f\x3d\xab\x12\x1c\x13\xa6\xaf\x02\xa7\xa8\x44\x9d\x82\xf7\x68\x4e\x81\x4a\x41\x52\x1c\xd0\x7d\xb6\x40\x57\xc6\x3e\x74\xbf\x6f\xba\xbc\xda\x4d\x84\x03\x50\x39\x82\xdd\xa3\x29\xfc\xcc\xe0\xe7\x8c\xcc\xe4\xbf\x41\x01\xa3\x59\xdb\xc6\xae\xe0\x89\x35\x1c\xab\xc0\xf2\xf4\xc8\x42\xb5\x1a\xf3\xd9\x8c\x33\x1a\x28\x49\x42\xf0\xf4\x0c\x66\xf9\xa0\x1c\x0b\xb0\xaf\x70\xfd\x88\xb2\xc0\x22\x50\x89\x3c\xe9\x8d\xb9\x77\x10\xb0\xe0\x74\x96\x50\xc6\x49\xe2\x46\xf9\xec\xc1\xae\xd7\xb3\xd9\xf4\xe5\xfc\xf6\x52\xf7\x4b\xce\x78\xda\x56\x78\x1d\x06\x52\xdd\xc5\x8f\x2d\x73\x4d\xe7\xd2\x14\xe6\xa4\x61\x2d\x88\x23\x69\x30\x49\x76\x36\x9b\x5f\xce\x2e\xaf\x75\x18\x9e\x51\x41\x39\x30\x82\xe4\x8e\x05\xfd\x4a\x7a\x54\xa8\x6d\x2f\x9a\x5a\x63\xf6\x55\x23\x8d\xdd\x13\x1a\x46\x32\x36\xe4\x07\x49\xb5\x69\x59\x61\x5c\xa8\x12\x71\xb6\xe5\x29\xa8\x7c\x9f\xc8\x3a\x89\xb3\x21\xfe\x34\x16\x29\xb7\xc6\x65\x43\x07\x8a\x01\x14\xba\x10\xe4\xf2\x21\x63\x19\xdc\x0b\xa5\xb7\xf5\xa1\xdb\x2a\x0d\x37\xf8\x7c\xf6\xfc\xf9\x05\xaa\x7f\x79\xd7\xcf\x4e\x71\xc8\xb3\xb7\x37\x6f\x6f\x6f\xa7\x27\xed\xc5\x0c\x0d\x2d\xfb\x9b\xce\xdf\xab\xcf\x36\x7e\xb6\xdf\x81\x55\x8c\x7a\x09\x35\x9c\x80\xfd\x72\x04\x6f\x3e\x50\x59\x8a\x6e\xc5\xe2\xe5\xc5\x4c\x47\x3c\x0f\x24\x6d\x55\x07\xed\xf9\x1e\xef\x05\x37\x22\xe0\xc1\x2d\x52\xe0\xcb\xb9\x69\x5b\x9d\xdf\x65\x2f\x3f\xd8\xc8\x47\xd9\x44\x20\xbe\x45\x22\x22\x28\x67\xaf\xd5\xc9\x7c\xc0\x8b\x79\x40\x0c\xaf\xea\x8e\x0b\xad\xc6\xd0\x58\xe9\xb4\x59\x6a\x4a\x1d\xcf\xcc\xfc\x5a\x6c\xa6\x31\x5a\xee\x7f\x66\xdb\x86\x21\x9e\x17\x70\x71\xb2\x8c\x4f\x94\xa6\x51\x20\x1a\xb3\x43\x35\xaf\xa3\x87\x4a\xf1\xa3\x95\x08\x8c\x63\x66\xaa\xb2\xaa\xa8\xc8\x9b\x5c\xa0\xfc\xbf\x37\x6b\xc7\x9c\x1e\x6c\xd6\x38\x85\x35\x9a\x99\xbb\xfc\x50\x29\xd6\x7b\x07\x0a\x6a\x69\xd7\xc8\xda\x6f\x5f\x4e\xdf\xce\x2f\x07\xdd\x3a\x87\xfb\x2b\x01\xe5\xed\xfa\x01\x6f\x6f\x5f\xbf\x98\xcd\x4f\x04\x7c\x0f\x1d\x52\x2f\xda\xf5\xcf\x37\x97\x57\xaf\x4f\x43\x83\x4a\xc8\x93\x7d\x62\xed\x99\x62\x1e\xdb\x7d\xa8\x70\x16\x38\x32\x74\xf8\x43\xed\x8b\x78\x03\x96\xd9\x37\x9a\x87\x3c\x3f\x4e\x27\x5a\x2b\xd3\x2a\xba\x33\x6b\x8c\x4b\x0f\x5b\x20\x77\xfa\xdc\x9c\xcd\x87\x67\x1d\xd2\x3c\xa5\x93\xe9\xf3\x39\x5b\xd9\x6d\x56\xdc\x9e\xc6\x4a\xf9\x79\xd3\x6b\xcb\xce\xc9\xe8\xcf\x54\xd1\xaa\xe3\x41\xfe\x53\x35\x32\xc1\x29\x94\xb0\x6f\x32\x70\x77\xeb\x8e\x46\x23\x6b\x07\x60\xb1\x9c\xca\xb0\x0d\xb3\xe5\xaa\x7f\x6e\x33\x65\x69\x2c\x53\x37\x9d\x2d\x79\xe1\x55\x13\x4b\xea\x9c\xb4\x75\x5b\x50\x4f\x95\xd1\x54\x43\xd4\x61\x04\xbd\xa3\xd2\xd5\xd7\xf5\xdc\x46\x50\xe7\xce\xc2\x58\xdf\xa6\xf4\x0d\x81\x76\x86\xfc\x0f\x6a\x5d\xba\xac\xfa\x35\xa0\xf5\x56\x18\x7d\x67\x0b\xa0\x35\xec\xfc\xab\x6e\x00\xfe\x95\xa4\x50\xae\x20\xa0\x22\x1a\x04\x24\x6e\xf6\x88\xf5\x3c\x61\x8c\x26\x19\xcd\x4e\x63\xb8\x88\xe4\xca\x56\x62\xe6\x09\xf6\xa9\x00\xbd\x7b\xd7\xdf\x86\xd3\x9d\x96\x9b\x16\x94\x9d\x51\x69\xb2\xe9\xb5\x69\x8d\xc2\x0c\x01\xdd\x19\x65\xd7\xd6\x18\x6d\x70\x9a\xe9\xad\x10\x7c\x77\x37\xa1\x55\x82\x8e\x46\xa7\xea\x21\x4c\x19\x4a\xd9\xe6\xe6\x89\xe5\x5b\x8e\x1a\x4a\x16\x7c\xda\xc9\x7e\x38\x96\x26\x96\x62\x34\x69\x05\x57\xd7\x1d\x50\xb3\xfa\xb7\xbb\xa4\xde\x8e\xb7\xd8\x4a\xde\x65\x3c\xb9\xc1\x28\x51\x8a\xe6\xe2\xc9\x7d\x45\x89\xf3\xde\xbc\x75\xf9\xa6\x76\x02\x7c\xe7\xeb\x9e\xc5\x24\xc5\x1b\xca\x40\xf5\xc4\x70\xa3\xae\xe3\x81\xf4\x55\xc8\x1f\x43\x5d\x7e\xdf\xb5\x54\x01\xed\x35\xb8\x5f\xb4\x08\xb6\x04\x8b\x7d\x0a\x72\xad\xd1\x9e\x0d\x9d\x54\x2d\x97\x80\xdd\xac\x3b\x91\x19\xcd\x44\x99\xb6\x8c\x3e\xaa\x8d\x55\x60\x18\xfa\x7f\xfa\x49\xb2\x40\xeb\xb8\xd9\x30\xb3\xf3\xd9\xcd\xed\x9b\xeb\x37\x37\xc3\x68\x7f\xfc\xa1\x2e\xa5\xad\x07\xed\x69\xdf\xc9\xb1\x69\x1b\x0b\x42\x51\xb0\x66\xf2\x08\x8a\x7e\xa0\x3b\xa9\x58\xdc\xdb\xdd\xe8\x98\x8f\x36\xc4\xea\xc2\xe8\xda\x38\x33\x97\xd3\x69\x71\x02\xf2\x7a\x6f\x6a\x5b\xa2\x17\x07\x83\x18\xef\x1a\x15\x3d\xd7\xe5\x60\xcc\xb6\xf0\xca\x93\x41\x17\xe2\x60\xf4\xb6\x10\xd5\xd1\xa0\x0b\xee\x84\x38\x86\x84\x4a\x8c\x2a\x50\xb1\x52\x33\xc5\x87\xc5\x1b\xfc\x7d\x9a\x49\x26\x09\xa7\x8d\xbb\x15\xab\x9f\xf4\x79\x78\xc3\x27\x6b\xf9\x2f\x5f\x5c\xbd\xb8\xba\xb5\x9c\x95\xfb\x02\xd5\x22\x77\x51\x61\x3b\x73\xef\x50\x84\x29\x2c\xcf\x67\x3c\x23\x81\x96\x01\x06\x4f\x50\x0d\xa4\xe5\xb8\x7e\x9f\xb1\x1c\x57\xaf\x8a\x96\xf2\xbd\x46\xf9\x9e\x45\xf6\x2e\xea\x0e\x5a\x5e\x41\x17\x37\xf8\x4e\xf5\x06\x64\x59\xdc\xbe\x15\x14\xf5\x7d\x5c\x4d\x22\x89\xa6\xed\xb7\x4e\xc0\x6f\x5a\xc3\x8c\xf3\x55\xeb\xe6\x4e\x75\xf6\xf5\x05\x55\xf9\x32\xc0\x64\x32\x5b\xab\x77\x58\xed\xb7\x59\x30\x53\xd3\x69\x2b\x32\xe2\xcb\x2a\x5d\xe2\x17\x17\x54\x3a\x68\x29\x42\x63\x08\x01\x8b\x7b\x2a\x22\xf4\xa7\x86\xfb\xdf\x80\x01\x05\x5a\xac\x90\xa7\x9e\x5e\x33\xf6\xbb\x49\x70\x3c\x36\x91\x80\x41\xb2\x5e\x42\xdb\x59\xc9\x21\x5f\xbf\x38\x30\x04\x3b\x8d\xc3\xf5\x27\x2e\x30\x53\xaf\xe8\xac\xcc\x3c\x35\x2f\x77\x59\xd0\xc3\x03\x60\xc1\x47\xd2\x12\x5a\xb1\x6a\x0f\x4a\x4d\x48\xf6\xca\x17\x56\x8e\xbd\xc5\x2a\x3b\xab\xa9\x3a\x14\x3b\xeb\x9b\x14\x64\xf0\x95\x64\xa5\xa4\x5d\x12\xca\x9c\xd5\x16\xd0\x2a\xc7\x0f\xae\x6b\xa8\x22\x6f\x00\x9b\x16\x31\xc5\xd6\x49\xa1\x3f\x93\xdc\x9c\x72\x2f\x85\xd0\x5d\x92\xfd\xad\x68\xfb\x72\xb3\x39\x6a\xe9\xf1\xf8\xa3\xd3\x2b\x63\x3e\xe5\xba\x36\xf5\xfe\x87\x95\x5e\x64\xeb\x61\x95\xe7\x84\xdf\x4f\xe9\x39\xbf\x27\xaa\xbd\x58\xfc\xdf\xac\x78\x59\xd4\x86\xb5\x0e\x54\xdf\x4f\xe5\xc0\xec\x89\xfa\x96\x2b\xff\xfd\xca\x7e\x92\x5e\x3f\x90\x90\xd1\x90\x6e\xa0\x92\x0f\xab\xb7\x26\x3e\x45\xcb\x56\xe3\xdb\x44\x3f\x1c\x48\x1c\x34\xf3\xf2\x72\xdc\xcc\xfa\xc0\x28\x2f\x17\xc6\xa8\x41\xa1\xd5\x2a\x75\x9a\x6e\xda\xf3\x70\x48\x71\x1c\x12\xe4\x7d\x84\xfa\x37\x58\x18\x96\xb8\x04\xcb\x5f\x05\x1c\xbc\x8f\x04\x9a\x06\xe8\x37\x8f\xc7\xf2\x0f\x1d\xce\x0e\x07\xe4\xc9\x32\x87\x60\xcc\xb6\x5f\x4d\xa4\x80\x0b\x69\x72\x5b\x35\x33\x09\xd5\xb1\xdf\xee\x8b\xaa\x16\xd6\x76\xf2\xca\x0a\x5b\x19\xc3\x8e\x5e\x2c\x34\xb6\xd0\x43\x2b\xa3\xa3\xa0\xff\x45\xd6\xfb\x60\xef\x93\x9f\xab\x25\x56\x9f\x34\x57\xbd\x21\x99\x9f\xd2\x44\x5a\x6b\x68\x55\xb1\xe2\xbd\x6c\xa8\xba\x85\xb2\x8f\x2f\xc7\xb8\x65\xe1\x96\x2f\x99\x4b\xcd\x6f\xd5\x68\xa3\x13\xc9\x3b\x24\xd3\x04\x96\x36\xc4\x30\x9a\x7c\x99\xdc\x36\x9a\x4e\x92\x77\xd6\x36\xc3\x1a\x8e\xa9\x54\x61\x6d\x54\x0a\x38\x1a\xac\x9c\xca\xf6\x8e\x81\xde\x99\xc1\xa2\x4b\x83\xae\x68\x83\x1d\x14\x60\x81\x5d\xc1\xc3\x90\x11\x57\xcd\xe8\xd0\xba\x87\x45\x97\x5d\xd0\x85\x05\x7f\xc3\x22\xea\xf3\x2a\x53\x17\x65\xcb\xdc\x25\x30\x50\xef\x59\xe7\x9c\xa6\xb1\xdb\x02\xc8\xae\xaf\x0a\x8c\xd1\x06\xe7\x6e\xc6\x9d\xc2\x96\x4a\x1b\x58\x89\xb4\x44\x5a\x25\x87\x2a\x44\xf3\x2c\xad\xa6\x7e\x07\x33\x4b\xa7\x53\xb3\x72\x10\xb9\x66\xa9\xd9\x62\xb4\xc5\xee\xe1\x40\xb7\xe0\x19\x02\x64\x80\x5d\xfa\x11\xf1\xef\x5c\x9f\x42\x2f\x4f\xc0\xdb\x59\x06\xd6\x21\x0f\xb0\x60\x87\xa5\x07\xbb\x22\xa5\xa0\x18\x35\x27\x23\xc1\x41\x18\x06\xdc\xfc\x9e\x73\xe5\x88\x74\x4f\x7a\xeb\x8e\xb6\x89\x1e\x4b\x56\x34\x7b\x56\xca\xda\xa8\x18\xc3\x4a\xaa\x2c\x78\x42\x87\xde\xe2\x5b\x9b\xb3\x71\x11\x00\x6a\x2d\x53\x5c\x47\x4a\xb6\xa0\x61\x2b\x58\x15\x23\xf2\x30\x2d\xc3\x42\xcb\xf4\xed\xcc\xd3\x01\x9d\x5b\xbd\x2a\x24\xb0\xde\xb1\xba\xc5\x49\x60\x79\xa4\x21\x3d\xbd\xa2\xfe\x90\x6b\x6d\x34\x2f\x5b\x12\xe4\xbd\xfc\xfb\x3d\xe9\x20\x02\x8e\xd0\x44\x40\x63\xc3\x70\x7c\x07\xad\x16\x8c\x9f\xb6\xbd\xe5\x98\xd1\x13\xcc\x6c\xa9\xee\x6d\xa4\xde\x60\x1f\x64\x35\xc0\xa4\x07\xbe\xa7\x0a\x76\xcc\x74\xf0\xb2\x91\x5b\xc7\x36\x29\x1a\xaf\xbb\x0b\x54\xbb\x60\x99\x6d\x8f\x3e\x5b\x8c\xe4\xce\x50\xad\x38\xdf\xee\xe3\xbc\x9a\x9d\x3f\x6b\xbc\x76\xca\x04\xca\x73\x7d\x9a\xa1\x15\x0a\xb8\xbf\xdf\x11\x68\xec\xfe\xb1\x27\xe9\xe3\x47\xc2\x80\x11\x4f\xe1\xcc\x7c\x3e\xfa\xdc\xaa\x0b\x5f\x46\xcf\x5e\x99\x58\x9c\x11\x8f\xf1\xf0\xbc\x44\xb4\xbf\x1e\xdd\xf2\x14\x9d\x7f\x85\x7e\x99\x02\xc7\x92\xd4\x63\x24\x0e\xe1\xf8\xee\xa2\xe9\x2b\x98\x58\xaf\xe4\x1f\x1f\x52\xd7\x35\xe4\x45\x15\xf9\x67\xfa\xc5\xe3\xb1\xcf\xa8\x7f\x07\x20\xf5\xf6\x48\x83\x1e\x21\xe2\xe5\xde\xec\xe5\x6f\x91\x3e\xc8\x77\xe5\x2a\xf6\xde\xd3\x4c\x78\x39\xde\xf9\x28\xbf\xb7\x31\x36\x84\xd0\x51\xfb\x56\x59\xf7\xf8\xec\xbc\xa4\x02\x43\xd4\x7a\x5e\x8e\x8b\x2b\x1a\x28\x8c\xf2\x8f\x7f\xff\x15\x00\x00\xff\xff\x7c\xe6\x5d\xf4\x0c\x2c\x00\x00") + +func templatesAnalysisTemplateHtmlBytes() ([]byte, error) { + return bindataRead( + _templatesAnalysisTemplateHtml, + "templates/analysis-template.html", + ) +} + +func templatesAnalysisTemplateHtml() (*asset, error) { + bytes, err := templatesAnalysisTemplateHtmlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "templates/analysis-template.html", size: 11276, mode: os.FileMode(438), modTime: time.Unix(1461912125, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + +// Asset loads and returns the asset for the given name. +// It returns an error if the asset could not be found or +// could not be loaded. +func Asset(name string) ([]byte, error) { + cannonicalName := strings.Replace(name, "\\", "/", -1) + if f, ok := _bindata[cannonicalName]; ok { + a, err := f() + if err != nil { + return nil, fmt.Errorf("Asset %s can't read by error: %v", name, err) + } + return a.bytes, nil + } + return nil, fmt.Errorf("Asset %s not found", name) +} + +// MustAsset is like Asset but panics when Asset would return an error. +// It simplifies safe initialization of global variables. +func MustAsset(name string) []byte { + a, err := Asset(name) + if err != nil { + panic("asset: Asset(" + name + "): " + err.Error()) + } + + return a +} + +// AssetInfo loads and returns the asset info for the given name. +// It returns an error if the asset could not be found or +// could not be loaded. +func AssetInfo(name string) (os.FileInfo, error) { + cannonicalName := strings.Replace(name, "\\", "/", -1) + if f, ok := _bindata[cannonicalName]; ok { + a, err := f() + if err != nil { + return nil, fmt.Errorf("AssetInfo %s can't read by error: %v", name, err) + } + return a.info, nil + } + return nil, fmt.Errorf("AssetInfo %s not found", name) +} + +// AssetNames returns the names of the assets. +func AssetNames() []string { + names := make([]string, 0, len(_bindata)) + for name := range _bindata { + names = append(names, name) + } + return names +} + +// _bindata is a table, holding each asset generator, mapped to its name. +var _bindata = map[string]func() (*asset, error){ + "templates/analysis-template.1.html": templatesAnalysisTemplate1Html, + "templates/analysis-template.html": templatesAnalysisTemplateHtml, +} + +// AssetDir returns the file names below a certain +// directory embedded in the file by go-bindata. +// For example if you run go-bindata on data/... and data contains the +// following hierarchy: +// data/ +// foo.txt +// img/ +// a.png +// b.png +// then AssetDir("data") would return []string{"foo.txt", "img"} +// AssetDir("data/img") would return []string{"a.png", "b.png"} +// AssetDir("foo.txt") and AssetDir("notexist") would return an error +// AssetDir("") will return []string{"data"}. +func AssetDir(name string) ([]string, error) { + node := _bintree + if len(name) != 0 { + cannonicalName := strings.Replace(name, "\\", "/", -1) + pathList := strings.Split(cannonicalName, "/") + for _, p := range pathList { + node = node.Children[p] + if node == nil { + return nil, fmt.Errorf("Asset %s not found", name) + } + } + } + if node.Func != nil { + return nil, fmt.Errorf("Asset %s not found", name) + } + rv := make([]string, 0, len(node.Children)) + for childName := range node.Children { + rv = append(rv, childName) + } + return rv, nil +} + +type bintree struct { + Func func() (*asset, error) + Children map[string]*bintree +} +var _bintree = &bintree{nil, map[string]*bintree{ + "templates": &bintree{nil, map[string]*bintree{ + "analysis-template.1.html": &bintree{templatesAnalysisTemplate1Html, map[string]*bintree{}}, + "analysis-template.html": &bintree{templatesAnalysisTemplateHtml, map[string]*bintree{}}, + }}, +}} + +// RestoreAsset restores an asset under the given directory +func RestoreAsset(dir, name string) error { + data, err := Asset(name) + if err != nil { + return err + } + info, err := AssetInfo(name) + if err != nil { + return err + } + err = os.MkdirAll(_filePath(dir, filepath.Dir(name)), os.FileMode(0755)) + if err != nil { + return err + } + err = ioutil.WriteFile(_filePath(dir, name), data, info.Mode()) + if err != nil { + return err + } + err = os.Chtimes(_filePath(dir, name), info.ModTime(), info.ModTime()) + if err != nil { + return err + } + return nil +} + +// RestoreAssets restores an asset under the given directory recursively +func RestoreAssets(dir, name string) error { + children, err := AssetDir(name) + // File + if err != nil { + return RestoreAsset(dir, name) + } + // Dir + for _, child := range children { + err = RestoreAssets(dir, filepath.Join(name, child)) + if err != nil { + return err + } + } + return nil +} + +func _filePath(dir, name string) string { + cannonicalName := strings.Replace(name, "\\", "/", -1) + return filepath.Join(append([]string{dir}, strings.Split(cannonicalName, "/")...)...) +} + diff --git a/cmd/clairctl/clair/templates/analysis-template.1.html b/cmd/clairctl/clair/templates/analysis-template.1.html new file mode 100644 index 00000000..2821a090 --- /dev/null +++ b/cmd/clairctl/clair/templates/analysis-template.1.html @@ -0,0 +1,100 @@ + + + + + + + + + Hyperclair Reports + + + + + +
+
+

+ Hyperclair reports +

+

+ Image: {{.ImageName}} +

+
+ +
{{.CountAllVulnerabilities}}
+ + + + + + + + + + + + + {{range .SortVulnerabilities}} + + + + + + + + {{end}} + +
NameSeverityIntroduceByDescriptionLayer
{{.Name}}{{.Severity}}{{.IntroduceBy}}{{.Description}}{{.Layer}}
+
+ + + + diff --git a/cmd/clairctl/clair/templates/analysis-template.html b/cmd/clairctl/clair/templates/analysis-template.html new file mode 100644 index 00000000..df4ca5be --- /dev/null +++ b/cmd/clairctl/clair/templates/analysis-template.html @@ -0,0 +1,420 @@ + + + + Hyperclair report : {{.ImageName}} + + + + + + + +
+
+

Hyperclair report

+
+ +
+

Image: {{.ImageName}}

+ +
+
+ {{with $vulnerabilitiesCount := .CountAllVulnerabilities}} +

Total : {{$vulnerabilitiesCount.Total}}

+

+ Critical : {{$vulnerabilitiesCount.High}} + +

+

+ Medium : {{$vulnerabilitiesCount.Medium}} + +

+

+ Low : {{$vulnerabilitiesCount.Low}} + +

+ Negligible : {{$vulnerabilitiesCount.Negligible}} +

+

+ {{end}} +
+
+ +
+ {{range .SortVulnerabilities}} + +
+
+
{{.Name}}
+
{{.Severity}}
+ + +
{{.Layer}}
+
+ + {{end}} +
+
+ +
+
+
+
+ {{range .SortLayers}} +
+

{{.Name}}

+
{{.Path}}
+
+
    + {{range .Features}} +
  • +
    + {{ .Name }} {{ .Version }} - +
    +
      + {{range .Vulnerabilities}} +
    • + + {{ .Name }} +
      {{ .Description }}
      + Link +
      • + {{end}} +
    +
    • + {{end}} +
+
+
+ {{end}} +
+
+
+
+
+ + + + + + \ No newline at end of file diff --git a/cmd/clairctl/clair/versions.go b/cmd/clairctl/clair/versions.go new file mode 100644 index 00000000..180cecdd --- /dev/null +++ b/cmd/clairctl/clair/versions.go @@ -0,0 +1,32 @@ +package clair + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "net/http" +) + +func Versions() (interface{}, error) { + Config() + response, err := http.Get(uri + "/versions") + + if err != nil { + return nil, fmt.Errorf("requesting Clair version: %v", err) + } + defer response.Body.Close() + + body, err := ioutil.ReadAll(response.Body) + if err != nil { + return nil, fmt.Errorf("reading Clair version body: %v", err) + } + + var versionBody interface{} + err = json.Unmarshal(body, &versionBody) + + if err != nil { + return nil, fmt.Errorf("unmarshalling Clair version body: %v", err) + } + + return versionBody, nil +} diff --git a/cmd/clairctl/cmd/analyse.go b/cmd/clairctl/cmd/analyse.go new file mode 100644 index 00000000..ce00a49e --- /dev/null +++ b/cmd/clairctl/cmd/analyse.go @@ -0,0 +1,82 @@ +package cmd + +import ( + "fmt" + "os" + "text/template" + + "github.com/Sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/spf13/viper" + "github.com/coreos/clair/cmd/clairctl/clair" + "github.com/coreos/clair/cmd/clairctl/docker" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +const analyseTplt = ` +Image: {{.String}} + {{.Layers | len}} layers found + {{$ia := .}} + {{range .Layers}} ➜ {{with .Layer}}Analysis [{{.|$ia.ShortName}}] found {{.|$ia.CountVulnerabilities}} vulnerabilities.{{end}} + {{end}} +` + +var analyseCmd = &cobra.Command{ + Use: "analyse IMAGE", + Short: "Analyse Docker image", + Long: `Analyse a Docker image with Clair, against Ubuntu, Red hat and Debian vulnerabilities databases`, + Run: func(cmd *cobra.Command, args []string) { + + if len(args) != 1 { + fmt.Printf("hyperclair: \"analyse\" requires a minimum of 1 argument") + os.Exit(1) + } + + ia := analyse(args[0]) + + err := template.Must(template.New("analysis").Parse(analyseTplt)).Execute(os.Stdout, ia) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("rendering analysis: %v", err) + } + }, +} + +func analyse(imageName string) clair.ImageAnalysis { + var err error + var image docker.Image + + if !docker.IsLocal { + image, err = docker.Pull(imageName) + + if err != nil { + if err == xerrors.NotFound { + fmt.Println(err) + } else { + fmt.Println(xerrors.InternalError) + } + logrus.Fatalf("pulling image %q: %v", imageName, err) + } + + } else { + image, err = docker.Parse(imageName) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("parsing local image %q: %v", imageName, err) + } + docker.FromHistory(&image) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("getting local image %q from history: %v", imageName, err) + } + } + + return docker.Analyse(image) +} + +func init() { + RootCmd.AddCommand(analyseCmd) + analyseCmd.Flags().BoolVarP(&docker.IsLocal, "local", "l", false, "Use local images") + analyseCmd.Flags().StringP("priority", "p", "Low", "Vulnerabilities priority [Low, Medium, High, Critical]") + viper.BindPFlag("clair.priority", analyseCmd.Flags().Lookup("priority")) +} diff --git a/cmd/clairctl/cmd/health.go b/cmd/clairctl/cmd/health.go new file mode 100644 index 00000000..50c4c334 --- /dev/null +++ b/cmd/clairctl/cmd/health.go @@ -0,0 +1,39 @@ +package cmd + +import ( + "fmt" + "os" + "text/template" + + "github.com/Sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/coreos/clair/cmd/clairctl/clair" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +const healthTplt = ` +Clair: {{if .}}✔{{else}}✘{{end}} +` + +type health struct { + Clair interface{} `json:"clair"` +} + +var healthCmd = &cobra.Command{ + Use: "health", + Short: "Get Health of Hyperclair and underlying services", + Long: `Get Health of Hyperclair and underlying services`, + Run: func(cmd *cobra.Command, args []string) { + ok := clair.IsHealthy() + err := template.Must(template.New("health").Parse(healthTplt)).Execute(os.Stdout, ok) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("rendering the health: %v", err) + } + + }, +} + +func init() { + RootCmd.AddCommand(healthCmd) +} diff --git a/cmd/clairctl/cmd/login.go b/cmd/clairctl/cmd/login.go new file mode 100644 index 00000000..79093b6d --- /dev/null +++ b/cmd/clairctl/cmd/login.go @@ -0,0 +1,124 @@ +package cmd + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "os" + + "golang.org/x/crypto/bcrypt" + "golang.org/x/crypto/ssh/terminal" + + "github.com/Sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/coreos/clair/cmd/clairctl/config" + "github.com/coreos/clair/cmd/clairctl/docker" + "github.com/coreos/clair/cmd/clairctl/xerrors" + "github.com/coreos/clair/cmd/clairctl/xstrings" +) + +type user struct { + Username string + Password string +} + +type userMapping map[string]user + +var loginCmd = &cobra.Command{ + Use: "login", + Short: "Log in to a Docker registry", + Long: `Log in to a Docker registry`, + Run: func(cmd *cobra.Command, args []string) { + + if len(args) > 1 { + fmt.Println("Only one argument is allowed") + os.Exit(1) + } + + var users userMapping + + if err := readConfigFile(&users, config.HyperclairConfig()); err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("reading hyperclair file: %v", err) + } + + var reg string = docker.DockerHub + + if len(args) == 1 { + reg = args[0] + } + + var usr user + if err := askForUser(&usr); err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("encrypting password: %v", err) + } + + users[reg] = usr + + if err := writeConfigFile(users, config.HyperclairConfig()); err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("indenting login: %v", err) + } + + logged, err := docker.Login(reg) + + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("log in: %v", err) + } + + if !logged { + fmt.Println("Unauthorized: Wrong login/password, please try again") + os.Exit(1) + } + + fmt.Println("Login Successful") + }, +} + +func readConfigFile(users *userMapping, configFile string) error { + if _, err := os.Stat(configFile); err == nil { + f, err := ioutil.ReadFile(configFile) + if err != nil { + return err + } + + if err := json.Unmarshal(f, &users); err != nil { + return err + } + } else { + *users = userMapping{} + } + return nil +} + +func askForUser(usr *user) error { + fmt.Print("Username: ") + fmt.Scan(&usr.Username) + fmt.Print("Password: ") + pwd, err := terminal.ReadPassword(1) + fmt.Println(" ") + encryptedPwd, err := bcrypt.GenerateFromPassword(pwd, 5) + if err != nil { + return err + } + usr.Password = string(encryptedPwd) + return nil +} + +func writeConfigFile(users userMapping, configFile string) error { + s, err := xstrings.ToIndentJSON(users) + if err != nil { + return err + } + err = ioutil.WriteFile(configFile, s, os.ModePerm) + if err != nil { + return err + } + return nil +} + +func init() { + RootCmd.AddCommand(loginCmd) +} diff --git a/cmd/clairctl/cmd/login_test.go b/cmd/clairctl/cmd/login_test.go new file mode 100644 index 00000000..6ecc9715 --- /dev/null +++ b/cmd/clairctl/cmd/login_test.go @@ -0,0 +1,59 @@ +package cmd + +import ( + "os" + "testing" + + "github.com/coreos/clair/cmd/clairctl/test" +) + +var loginData = []struct { + in string + out int +}{ + {"", 0}, + {`{ + "docker.io": { + "Username": "johndoe", + "Password": "$2a$05$Qe4TTO8HMmOht" + } +} +`, 1}, +} + +func TestReadConfigFile(t *testing.T) { + for _, ld := range loginData { + + tmpfile := test.CreateTmpConfigFile(ld.in) + defer os.Remove(tmpfile) // clean up + + var users userMapping + if err := readConfigFile(&users, tmpfile); err != nil { + t.Errorf("readConfigFile(&users,%q) failed => %v", tmpfile, err) + } + + if l := len(users); l != ld.out { + t.Errorf("readConfigFile(&users,%q) => %v users, want %v", tmpfile, l, ld.out) + } + } +} + +func TestWriteConfigFile(t *testing.T) { + users := userMapping{} + users["docker.io"] = user{Username: "johndoe", Password: "$2a$05$Qe4TTO8HMmOht"} + tmpfile := test.CreateTmpConfigFile("") + defer os.Remove(tmpfile) // clean up + + if err := writeConfigFile(users, tmpfile); err != nil { + t.Errorf("writeConfigFile(users,%q) failed => %v", tmpfile, err) + } + + users = userMapping{} + if err := readConfigFile(&users, tmpfile); err != nil { + t.Errorf("after writing: readConfigFile(&users,%q) failed => %v", tmpfile, err) + } + + if l := len(users); l != 1 { + t.Errorf("after writing: readConfigFile(&users,%q) => %v users, want %v", tmpfile, l, 1) + } +} diff --git a/cmd/clairctl/cmd/logout.go b/cmd/clairctl/cmd/logout.go new file mode 100644 index 00000000..e81805ff --- /dev/null +++ b/cmd/clairctl/cmd/logout.go @@ -0,0 +1,55 @@ +package cmd + +import ( + "fmt" + "os" + + "github.com/Sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/coreos/clair/cmd/clairctl/config" + "github.com/coreos/clair/cmd/clairctl/docker" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +var logoutCmd = &cobra.Command{ + Use: "logout", + Short: "Log out from a Docker registry", + Long: `Log out from a Docker registry`, + Run: func(cmd *cobra.Command, args []string) { + + if len(args) > 1 { + fmt.Println("Only one argument is allowed") + os.Exit(1) + } + var reg string = docker.DockerHub + + if len(args) == 1 { + reg = args[0] + } + + if _, err := os.Stat(config.HyperclairConfig()); err == nil { + var users userMapping + + if err := readConfigFile(&users, config.HyperclairConfig()); err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("reading hyperclair file: %v", err) + } + if _, present := users[reg]; present { + delete(users, reg) + + if err := writeConfigFile(users, config.HyperclairConfig()); err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("indenting login: %v", err) + } + + fmt.Println("Log out successful") + return + } + } + fmt.Println("You are not logged in") + }, +} + +func init() { + RootCmd.AddCommand(logoutCmd) +} diff --git a/cmd/clairctl/cmd/pull.go b/cmd/clairctl/cmd/pull.go new file mode 100644 index 00000000..163dffae --- /dev/null +++ b/cmd/clairctl/cmd/pull.go @@ -0,0 +1,63 @@ +// Copyright © 2016 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "fmt" + "os" + "text/template" + + "github.com/Sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/coreos/clair/cmd/clairctl/docker" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +const pullTplt = ` +Image: {{.String}} + {{.FsLayers | len}} layers found + {{range .FsLayers}} ➜ {{.BlobSum}} + {{end}} +` + +// pingCmd represents the ping command +var pullCmd = &cobra.Command{ + Use: "pull IMAGE", + Short: "Pull Docker image information", + Long: `Pull image information from Docker Hub or Registry`, + Run: func(cmd *cobra.Command, args []string) { + //TODO how to use args with viper + if len(args) != 1 { + fmt.Printf("hyperclair: \"pull\" requires a minimum of 1 argument\n") + os.Exit(1) + } + im := args[0] + image, err := docker.Pull(im) + if err != nil { + fmt.Println(xerrors.ServiceUnavailable) + logrus.Fatalf("pulling image %v: %v", args[0], err) + } + + err = template.Must(template.New("pull").Parse(pullTplt)).Execute(os.Stdout, image) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("rendering image: %v", err) + } + }, +} + +func init() { + RootCmd.AddCommand(pullCmd) +} diff --git a/cmd/clairctl/cmd/push.go b/cmd/clairctl/cmd/push.go new file mode 100644 index 00000000..253bab08 --- /dev/null +++ b/cmd/clairctl/cmd/push.go @@ -0,0 +1,87 @@ +package cmd + +import ( + "fmt" + "os" + + "github.com/Sirupsen/logrus" + "github.com/coreos/clair/cmd/clairctl/config" + "github.com/coreos/clair/cmd/clairctl/docker" + "github.com/coreos/clair/cmd/clairctl/server" + "github.com/coreos/clair/cmd/clairctl/xerrors" + "github.com/spf13/cobra" +) + +var pushCmd = &cobra.Command{ + Use: "push IMAGE", + Short: "Push Docker image to Clair", + Long: `Upload a Docker image to Clair for further analysis`, + Run: func(cmd *cobra.Command, args []string) { + + if len(args) != 1 { + fmt.Printf("hyperclair: \"push\" requires a minimum of 1 argument\n") + os.Exit(1) + } + + startLocalServer() + + imageName := args[0] + + var image docker.Image + if !docker.IsLocal { + var err error + image, err = docker.Pull(imageName) + if err != nil { + if err == xerrors.NotFound { + fmt.Println(err) + } else { + fmt.Println(xerrors.InternalError) + } + logrus.Fatalf("pulling image %q: %v", imageName, err) + } + } else { + var err error + image, err = docker.Parse(imageName) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("parsing local image %q: %v", imageName, err) + } + err = docker.Prepare(&image) + logrus.Debugf("prepared image layers: %d", len(image.FsLayers)) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("preparing local image %q from history: %v", imageName, err) + } + } + + logrus.Info("Pushing Image") + if err := docker.Push(image); err != nil { + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("pushing image %q: %v", imageName, err) + } + } + + fmt.Printf("%v has been pushed to Clair\n", imageName) + + }, +} + +func init() { + RootCmd.AddCommand(pushCmd) + pushCmd.Flags().BoolVarP(&docker.IsLocal, "local", "l", false, "Use local images") +} + +//StartLocalServer start the hyperclair local server needed for reverse proxy and file server +func startLocalServer() { + sURL, err := config.LocalServerIP() + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("retrieving internal server IP: %v", err) + } + err = server.Serve(sURL) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("starting local server: %v", err) + } +} diff --git a/cmd/clairctl/cmd/report.go b/cmd/clairctl/cmd/report.go new file mode 100644 index 00000000..e3bae8b9 --- /dev/null +++ b/cmd/clairctl/cmd/report.go @@ -0,0 +1,88 @@ +package cmd + +import ( + "fmt" + "os" + "strings" + + "github.com/Sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/spf13/viper" + "github.com/coreos/clair/cmd/clairctl/clair" + "github.com/coreos/clair/cmd/clairctl/docker" + "github.com/coreos/clair/cmd/clairctl/xerrors" + "github.com/coreos/clair/cmd/clairctl/xstrings" +) + +var reportCmd = &cobra.Command{ + Use: "report IMAGE", + Short: "Generate Docker Image vulnerabilities report", + Long: `Generate Docker Image vulnerabilities report as HTML or JSON`, + Run: func(cmd *cobra.Command, args []string) { + if len(args) != 1 { + fmt.Printf("hyperclair: \"report\" requires a minimum of 1 argument") + os.Exit(1) + } + + analyses := analyse(args[0]) + imageName := strings.Replace(analyses.ImageName, "/", "-", -1) + "-" + analyses.Tag + switch clair.Report.Format { + case "html": + html, err := clair.ReportAsHTML(analyses) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("generating HTML report: %v", err) + } + err = saveReport(imageName, string(html)) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("saving HTML report: %v", err) + } + + case "json": + json, err := xstrings.ToIndentJSON(analyses) + + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("indenting JSON: %v", err) + } + err = saveReport(imageName, string(json)) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("saving JSON report: %v", err) + } + + default: + fmt.Printf("Unsupported Report format: %v", clair.Report.Format) + logrus.Fatalf("Unsupported Report format: %v", clair.Report.Format) + } + }, +} + +func saveReport(name string, content string) error { + path := viper.GetString("clair.report.path") + "/" + clair.Report.Format + if err := os.MkdirAll(path, 0777); err != nil { + return err + } + + reportsName := fmt.Sprintf("%v/analysis-%v.%v", path, name, strings.ToLower(clair.Report.Format)) + f, err := os.Create(reportsName) + if err != nil { + return fmt.Errorf("creating report file: %v", err) + } + + _, err = f.WriteString(content) + + if err != nil { + return fmt.Errorf("writing report file: %v", err) + } + fmt.Printf("%v report at %v\n", strings.ToUpper(clair.Report.Format), reportsName) + return nil +} + +func init() { + RootCmd.AddCommand(reportCmd) + reportCmd.Flags().BoolVarP(&docker.IsLocal, "local", "l", false, "Use local images") + reportCmd.Flags().StringP("format", "f", "html", "Format for Report [html,json]") + viper.BindPFlag("clair.report.format", reportCmd.Flags().Lookup("format")) +} diff --git a/cmd/clairctl/cmd/root.go b/cmd/clairctl/cmd/root.go new file mode 100644 index 00000000..32a52cd6 --- /dev/null +++ b/cmd/clairctl/cmd/root.go @@ -0,0 +1,56 @@ +// Copyright © 2016 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "fmt" + "os" + + "github.com/spf13/cobra" + "github.com/coreos/clair/cmd/clairctl/config" +) + +var cfgFile string +var logLevel string + +// RootCmd represents the base command when called without any subcommands +var RootCmd = &cobra.Command{ + Use: "hyperclair", + Short: "Analyse your docker image with Clair, directly from your registry.", + Long: ``, + // Uncomment the following line if your bare application + // has an action associated with it: + // Run: func(cmd *cobra.Command, args []string) { + // }, +} + +// Execute adds all child commands to the root command sets flags appropriately. +// This is called by main.main(). It only needs to happen once to the rootCmd. +func Execute() { + if err := RootCmd.Execute(); err != nil { + fmt.Println(err) + os.Exit(-1) + } +} + +func init() { + cobra.OnInitialize(initConfig) + RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.hyperclair.yml)") + RootCmd.PersistentFlags().StringVar(&logLevel, "log-level", "", "log level [Panic,Fatal,Error,Warn,Info,Debug]") +} + +func initConfig() { + config.Init(cfgFile, logLevel) +} diff --git a/cmd/clairctl/cmd/version.go b/cmd/clairctl/cmd/version.go new file mode 100644 index 00000000..58ff9e80 --- /dev/null +++ b/cmd/clairctl/cmd/version.go @@ -0,0 +1,37 @@ +package cmd + +import ( + "fmt" + "os" + "text/template" + + "github.com/Sirupsen/logrus" + "github.com/spf13/cobra" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +const versionTplt = ` +Hyperclair version {{.}} +` + +var version string + +var templ = template.Must(template.New("versions").Parse(versionTplt)) + +var versionCmd = &cobra.Command{ + Use: "version", + Short: "Get Versions of Hyperclair and underlying services", + Long: `Get Versions of Hyperclair and underlying services`, + Run: func(cmd *cobra.Command, args []string) { + + err := templ.Execute(os.Stdout, version) + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("rendering the version: %v", err) + } + }, +} + +func init() { + RootCmd.AddCommand(versionCmd) +} diff --git a/cmd/clairctl/config/config.go b/cmd/clairctl/config/config.go new file mode 100644 index 00000000..311652e6 --- /dev/null +++ b/cmd/clairctl/config/config.go @@ -0,0 +1,216 @@ +package config + +import ( + "bytes" + "fmt" + "io" + "os" + "os/exec" + "os/user" + "strings" + + "gopkg.in/yaml.v2" + + "github.com/Sirupsen/logrus" + "github.com/spf13/viper" + "github.com/coreos/clair/cmd/clairctl/clair" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +type r struct { + Path, Format string +} +type c struct { + URI, Priority string + Port, HealthPort int + Report r +} +type a struct { + InsecureSkipVerify bool +} +type h struct { + IP, TempFolder string + Port int +} +type config struct { + Clair c + Auth a + Hyperclair h +} + +// Init reads in config file and ENV variables if set. +func Init(cfgFile string, logLevel string) { + lvl := logrus.WarnLevel + if logLevel != "" { + var err error + lvl, err = logrus.ParseLevel(logLevel) + if err != nil { + logrus.Warningf("Wrong Log level %v, defaults to [Warning]", logLevel) + lvl = logrus.WarnLevel + } + } + logrus.SetLevel(lvl) + + viper.SetEnvPrefix("hyperclair") + viper.SetConfigName("hyperclair") // name of config file (without extension) + viper.AddConfigPath("$HOME/.hyperclair") // adding home directory as first search path + viper.AddConfigPath(".") // adding home directory as first search path + viper.AutomaticEnv() // read in environment variables that match + if cfgFile != "" { + viper.SetConfigFile(cfgFile) + } + err := viper.ReadInConfig() + if err != nil { + logrus.Debugf("No config file used") + } else { + logrus.Debugf("Using config file: %v", viper.ConfigFileUsed()) + } + + if viper.Get("clair.uri") == nil { + viper.Set("clair.uri", "http://localhost") + } + if viper.Get("clair.port") == nil { + viper.Set("clair.port", "6060") + } + if viper.Get("clair.healthPort") == nil { + viper.Set("clair.healthPort", "6061") + } + if viper.Get("clair.priority") == nil { + viper.Set("clair.priority", "Low") + } + if viper.Get("clair.report.path") == nil { + viper.Set("clair.report.path", "reports") + } + if viper.Get("clair.report.format") == nil { + viper.Set("clair.report.format", "html") + } + if viper.Get("auth.insecureSkipVerify") == nil { + viper.Set("auth.insecureSkipVerify", "true") + } + if viper.Get("hyperclair.ip") == nil { + viper.Set("hyperclair.ip", "") + } + if viper.Get("hyperclair.port") == nil { + viper.Set("hyperclair.port", 0) + } + if viper.Get("hyperclair.tempFolder") == nil { + viper.Set("hyperclair.tempFolder", "/tmp/hyperclair") + } + clair.Config() +} + +func values() config { + return config{ + Clair: c{ + URI: viper.GetString("clair.uri"), + Port: viper.GetInt("clair.port"), + HealthPort: viper.GetInt("clair.healthPort"), + Priority: viper.GetString("clair.priority"), + Report: r{ + Path: viper.GetString("clair.report.path"), + Format: viper.GetString("clair.report.format"), + }, + }, + Auth: a{ + InsecureSkipVerify: viper.GetBool("auth.insecureSkipVerify"), + }, + Hyperclair: h{ + IP: viper.GetString("hyperclair.ip"), + Port: viper.GetInt("hyperclair.port"), + TempFolder: viper.GetString("hyperclair.tempFolder"), + }, + } +} + +func Print() { + cfg := values() + cfgBytes, err := yaml.Marshal(cfg) + if err != nil { + logrus.Fatalf("marshalling configuration: %v", err) + } + + fmt.Println("Configuration") + fmt.Printf("%v", string(cfgBytes)) +} + +func HyperclairHome() string { + usr, err := user.Current() + if err != nil { + fmt.Println(xerrors.InternalError) + logrus.Fatalf("retrieving user: %v", err) + } + p := usr.HomeDir + "/.hyperclair" + + if _, err := os.Stat(p); os.IsNotExist(err) { + os.Mkdir(p, 0700) + } + return p +} + +func HyperclairConfig() string { + return HyperclairHome() + "/config.json" +} + +//LocalServerIP return the local hyperclair server IP +func LocalServerIP() (string, error) { + localPort := viper.GetString("hyperclair.port") + localIP := viper.GetString("hyperclair.ip") + if localIP == "" { + logrus.Infoln("retrieving docker0 interface as local IP") + var err error + localIP, err = Docker0InterfaceIP() + if err != nil { + return "", fmt.Errorf("retrieving docker0 interface ip: %v", err) + } + } + return strings.TrimSpace(localIP) + ":" + localPort, nil +} + +//Docker0InterfaceIP return the docker0 interface ip by running `ip route show | grep docker0 | awk {print $9}` +func Docker0InterfaceIP() (string, error) { + var localIP bytes.Buffer + + ip := exec.Command("ip", "route", "show") + rGrep, wIP := io.Pipe() + grep := exec.Command("grep", "docker0") + ip.Stdout = wIP + grep.Stdin = rGrep + awk := exec.Command("awk", "{print $9}") + rAwk, wGrep := io.Pipe() + grep.Stdout = wGrep + awk.Stdin = rAwk + awk.Stdout = &localIP + err := ip.Start() + if err != nil { + return "", err + } + err = grep.Start() + if err != nil { + return "", err + } + err = awk.Start() + if err != nil { + return "", err + } + err = ip.Wait() + if err != nil { + return "", err + } + err = wIP.Close() + if err != nil { + return "", err + } + err = grep.Wait() + if err != nil { + return "", err + } + err = wGrep.Close() + if err != nil { + return "", err + } + err = awk.Wait() + if err != nil { + return "", err + } + return localIP.String(), nil +} diff --git a/cmd/clairctl/config/config_test.go b/cmd/clairctl/config/config_test.go new file mode 100644 index 00000000..142e5d07 --- /dev/null +++ b/cmd/clairctl/config/config_test.go @@ -0,0 +1,123 @@ +package config + +import ( + "fmt" + "os" + "testing" + + "github.com/spf13/viper" + "github.com/coreos/clair/cmd/clairctl/test" + + "gopkg.in/yaml.v2" +) + +const defaultValues = ` +clair: + uri: http://localhost + priority: Low + port: 6060 + healthport: 6061 + report: + path: reports + format: html +auth: + insecureskipverify: true +hyperclair: + ip: "" + tempfolder: /tmp/hyperclair + port: 0 +` + +const customValues = ` +clair: + uri: http://clair + priority: High + port: 6061 + healthport: 6062 + report: + path: reports/test + format: json +auth: + insecureskipverify: false +hyperclair: + ip: "localhost" + tempfolder: /tmp/hyperclair/test + port: 64157 +` + +func TestInitDefault(t *testing.T) { + Init("", "INFO") + + cfg := values() + + var expected config + err := yaml.Unmarshal([]byte(defaultValues), &expected) + if err != nil { + t.Fatal(err) + } + + if cfg != expected { + t.Error("Default values are not correct") + } + viper.Reset() +} + +func TestInitCustomLocal(t *testing.T) { + tmpfile := test.CreateConfigFile(customValues, "hyperclair.yml", ".") + defer os.Remove(tmpfile) // clean up + fmt.Println(tmpfile) + Init("", "INFO") + + cfg := values() + + var expected config + err := yaml.Unmarshal([]byte(customValues), &expected) + if err != nil { + t.Fatal(err) + } + + if cfg != expected { + t.Error("values are not correct") + } + viper.Reset() +} + +func TestInitCustomHome(t *testing.T) { + tmpfile := test.CreateConfigFile(customValues, "hyperclair.yml", HyperclairHome()) + defer os.Remove(tmpfile) // clean up + fmt.Println(tmpfile) + Init("", "INFO") + + cfg := values() + + var expected config + err := yaml.Unmarshal([]byte(customValues), &expected) + if err != nil { + t.Fatal(err) + } + + if cfg != expected { + t.Error("values are not correct") + } + viper.Reset() +} + +func TestInitCustom(t *testing.T) { + tmpfile := test.CreateConfigFile(customValues, "hyperclair.yml", "/tmp") + defer os.Remove(tmpfile) // clean up + fmt.Println(tmpfile) + Init(tmpfile, "INFO") + + cfg := values() + + var expected config + err := yaml.Unmarshal([]byte(customValues), &expected) + if err != nil { + t.Fatal(err) + } + + if cfg != expected { + t.Error("values are not correct") + } + viper.Reset() +} diff --git a/cmd/clairctl/contrib/.hyperclair.yml b/cmd/clairctl/contrib/.hyperclair.yml new file mode 100644 index 00000000..743c73e3 --- /dev/null +++ b/cmd/clairctl/contrib/.hyperclair.yml @@ -0,0 +1,8 @@ +clair: + port: 6060 + healthPort: 6061 + uri: http://clair + priority: Low + report: + path: ./reports + format: html diff --git a/cmd/clairctl/contrib/Dockerfile b/cmd/clairctl/contrib/Dockerfile new file mode 100644 index 00000000..5130fdf8 --- /dev/null +++ b/cmd/clairctl/contrib/Dockerfile @@ -0,0 +1,5 @@ +FROM golang:latest +WORKDIR /go/src/github.com/coreos/clair/cmd/clairctl +EXPOSE 9999 +RUN mkdir -p /data +ENTRYPOINT bash diff --git a/cmd/clairctl/contrib/README.md b/cmd/clairctl/contrib/README.md new file mode 100644 index 00000000..48498a03 --- /dev/null +++ b/cmd/clairctl/contrib/README.md @@ -0,0 +1,17 @@ +CONTRIBUTION +----------------- + +# Running full dev environnement + +```bash +# Running Authentication server, Registry, Clair , Hyperclair-server and Hyperclair-DEV-BOX +docker-compose up -d + +# Enter the hyperclair dev box +docker exec -ti hyperclair_dev bash + +# Run Any command ex: +go run main.go help +# Or +go run main.go pull registry:5000/wemanity-belgium/ubuntu-git +``` diff --git a/cmd/clairctl/contrib/auth_server/config/auth_config.yml b/cmd/clairctl/contrib/auth_server/config/auth_config.yml new file mode 100644 index 00000000..f205f685 --- /dev/null +++ b/cmd/clairctl/contrib/auth_server/config/auth_config.yml @@ -0,0 +1,29 @@ +server: + addr: :5001 + certificate: /ssl/server.pem + key: /ssl/server.key +token: + issuer: auth_service + expiration: 900 +users: + "": {} + jgsqware: + password: $2y$05$oGKwJ8QJDLBOoTBmC/EQiefIMV1N9Yt9jpX3SqMoRqZRRql6q7yym +acl: +- match: + account: jgsqware + actions: ['*'] +- match: + account: /.+/ + name: ${account}/* + actions: ['*'] +- match: + type: registry + name: catalog + actions: ['*'] + comment: Anonymous users can get catalog. +- match: + account: "" + name: /.*/ + actions: [pull] + comment: Anonymous users can pull everything. diff --git a/cmd/clairctl/contrib/auth_server/ssl/old/server.key b/cmd/clairctl/contrib/auth_server/ssl/old/server.key new file mode 100644 index 00000000..937d2b07 --- /dev/null +++ b/cmd/clairctl/contrib/auth_server/ssl/old/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQClbJbUWDCY31g5 +hyFlhCpgXOntcqR72vVRew6vw9ooN7LKjC/ev1AbBD3JYca1R9vd/7D6wI5rYNR0 +ZtCMxaQLEgvDf166VdrZewkq8UmbVSFwqtBvcZCG7mTapzgap6jD5H/fFoFoSkFa +V3dGWlEaS5emtk7fLjXTKO0OpByuO2mmRqAoTsnN4O3tYfrW7ReBHueibVIpjZo9 +0qyFK3sZ2ewKG98m8OGh1jzOhxM8PZDKs9KjkZ/SJiGwxIQ/Ny+rXci7q3cshQna +n7ac2Wf0nG21j7eNk0lSKOkT3unb2+1B2+59mEtLauoYs1VcEmM55RnVdawvCmIy +LRowuLlDAgMBAAECggEAP3ELz1gbGyXcwgNPDY3Iarh3hncHGfD5UExvb30fN3lU ++lUVLsoUQKg5wffbqz5p1hPvndsnQ4sZL6MWrEZICW7cUBeTDsdKbUnAVFXBMu9N +KdZ4paTaFsVqrGihHafbE3WYjMgmzQZdVfZhafvNStZezLLyQKmKPvddItZRoYfN +sc+iFpT94hPp9Hjs9ClLQv/w9Xt8lVgD1FUh6yAlLUAn77HzbZuyC2nF4gbD2LiS +4G+xHcH77FyAU5W6BRv1DqNsuu0ksX/93GiYx0EebzT/IXa7xc0mYE0758EXk72y +yoznglkPkSOyyhcuI75FKMyYdQGKpyvw+y4aEv5JwQKBgQDTAaQ827Tpn/aMhP7L +jngFgTdfeq/7Q3eZjGgtr5RFnen6YS6WzWigvh5/70ASDziFd4fyd0P41/MjPkO6 +FTFWisRCpW14+mSTUSDmgTQfsONy1Xr2ib4v4CX2NEy+nUsvpdl72dwZAG/fSu3K +MfkVksd5Z56WJ4wxKrB4riHukQKBgQDIsren8ljtxrLepMHvaNLx5Gl1EtrgX3gy +zTuUM2CSQktwBYNsp68AloOi6/tuH8t1xcBc8ywgCZ2WXzYdRL/koXsd2IpOTsLd +m/zGILgRPVow70yoxKxqxW8YYuQ1gLeAOshj8IHGGfnXTvvpNQNvrnja0NzavjFU +tR3aZQb8kwKBgQCOqNx2vQCKt7kEdmKiE1e4OQ3MAvH6SjoRWWmSAdSYYNSxkITk +NkpX61JJouNJknrfWdpTJymQk8hx+oXlyLBL15Qrjxb9pSTcqQw6a/5msryEhisV +hjlMuxpPZDrC4SvVMidhYgE58h6w9ELi4niKimtM/K6uzFwvXbJkVS7h0QKBgErT +Zum0zzcHZ9TedHfACzWoRTEi8HvK3FOEdPwSE6U0FlATniY6dmKvuzBY7wrly8OD +EO8WspLXQuu3X8OVyD2DfxVnkFkVwE1DRQDRXg7/YsrvzRL3EJlWNs9Ov2q7LK8g +O2oXVyr2sFF33y/ZVgijceeTC2R6mIXOaOzt0acFAoGASB7aF8PTT7YzFCGK/x2O +kg4GLJJSlDyhAZzQqe5LBZB+RhkoHZjdQHcMW84iHp8CsFqb3/D8X+5FsDkwBSMP +bN1fCFE03BsqubtKhI9kMz5hP1OhxlMZdMxRscbdRZqo57f3imtXg6laOktYyPOy +uOzr/Cxm5YUQqyAJ/S4zVuc= +-----END PRIVATE KEY----- diff --git a/cmd/clairctl/contrib/auth_server/ssl/old/server.pem b/cmd/clairctl/contrib/auth_server/ssl/old/server.pem new file mode 100644 index 00000000..73fd3cae --- /dev/null +++ b/cmd/clairctl/contrib/auth_server/ssl/old/server.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIJAOMN706JOuJOMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTYwMTI4MTcwNjE4WhcNMTcwMTI3MTcwNjE4WjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEApWyW1FgwmN9YOYchZYQqYFzp7XKke9r1UXsOr8PaKDeyyowv3r9QGwQ9 +yWHGtUfb3f+w+sCOa2DUdGbQjMWkCxILw39eulXa2XsJKvFJm1UhcKrQb3GQhu5k +2qc4Gqeow+R/3xaBaEpBWld3RlpRGkuXprZO3y410yjtDqQcrjtppkagKE7JzeDt +7WH61u0XgR7nom1SKY2aPdKshSt7GdnsChvfJvDhodY8zocTPD2QyrPSo5Gf0iYh +sMSEPzcvq13Iu6t3LIUJ2p+2nNln9JxttY+3jZNJUijpE97p29vtQdvufZhLS2rq +GLNVXBJjOeUZ1XWsLwpiMi0aMLi5QwIDAQABo1AwTjAdBgNVHQ4EFgQUWCDpNrvl +IPntyV7Y4uyoAq+aPiQwHwYDVR0jBBgwFoAUWCDpNrvlIPntyV7Y4uyoAq+aPiQw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAROOTzaxkx9YdvnAEj8Pt +Ej1FgiN1ogxrL4RMwyXs5cAdHi0G71En9onB/8CaWXVrrJbu6DosNn2RQmNapxPG +CkT7QfuYVyZF5jtigsxc+W7aLzASLZHHRA0FcgxUAlEUVaxD3xs6U2jMMntp53ij +kOWmalMi5qOBps8PCD9sd9MDejLFihPAIz15l3TgVkbRvtcUlfmMio5AJYzjbm4/ +0c8brR9tOp3qapeT78AhOmsF7zOVygd/BRIBG+Ynzo2DudBUs/j/4VOt9D9XO4I7 +e3UaqN2OMcL5RYZ5cHemAAy9jjq9/NAYUyLLP0DiCe6OY7SKsDlGfkYVLpZMbUth +9w== +-----END CERTIFICATE----- diff --git a/cmd/clairctl/contrib/auth_server/ssl/server.key b/cmd/clairctl/contrib/auth_server/ssl/server.key new file mode 100644 index 00000000..45340de1 --- /dev/null +++ b/cmd/clairctl/contrib/auth_server/ssl/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDP8wLYKQgqxNRw +Liy4ZuYGHvDfK/NT0CIlvMJuobPt6NIGi6NRISLyR7eZvo6oHTN3i0ElpblzL0Hq +JmF87d7o7tqVxO2Fq+faslXrKTgMpDiPj+WxUR3igTy2+DZ4ZP00Y4jwaPYtvwSi +sOP2YeM6r+3sSETj5XonIr+/U3mQYkU9GgFQIbPmJnyPb+WaS0fBZ686zeIKvY3Y ++enSCKOjss1QFyTb0TmmwQUcTBCiEXV10FSgzV383ghj+Fq9+nKo3cwooHNYwU+a +/6gpI1GGWR074J7PGeBId4DNItcpR1x58BGmgaVHabsEW+9RdMNnh17QFk3Wt2eT +S5Knl4UTAgMBAAECggEAcmSoZ+kKiRyGEMAV8csJNszGjL5MuQqB/mh8PQfPR00Q +XHFsgjDMXKN/KKBfMbP+oACG8gLcpbSVeg1rC6J/QXxD2qfeUe5jOTdpdFfUcX/V +bYQnQwfwfK3DjJO2wzwq3irzJe1Xn4q5LhZJETyAF8S4CYcn/oY6UFUZTlLJSNcH +chQOFWvjk13DBjGAmZmjwWKxHoZsKs0ioHtShgONpPM8TZU6SmtJxdFD2pBNp+ba +Lj5IQUYWrfCudBlzqvpXmqBlZe1J1MG+FafvAKx2CFbYkVObjRa/5DtQs99qac8y +rhn8uloK9gljiszwwUVq/ImrUICP+20rHW+kLfHeYQKBgQD9U2XqXz0d2asD72wS ++6yhxY4KZ3TD6W3GgfADC/kTfY+pME7KAXr//7paJJP/GtOxsLGRDHV347c3o3js +OGlFWuUSsuJxGq4SwKuo9eRVbOMEXiVlgCuUL5HAk2co1MbKVhSJ5RGbrp6785JO +JJcuNUTlaUsgQExEsIFJmZpbdQKBgQDSJPwl3uZIg0GC4QbQTAG1ueiQ9oPJ9kyz +cjT31ar9L6VrLwY/MMHYKgBD5JLxkq8qL1h9ii/LJKjX7rX3yttu/qtTMO4Y82CP +XnmR5kbODUUfiirQjTQFS3YP390nAewLwRgYPcvpyNIWA6Im6UdFJECLOTUBeiYg +VumEhSe1ZwKBgAEj6faHHThQLYPkBQGE3n8P65bCZnUnTNYy6Yip+iILU6U4UXJ5 +VTtnxEf5mCzyyvcmy3XSr4itnrqCYt31Vwv338YYxgoqS5RMB7nH+ZIk3lS7s8Fk +NU4CdM6AG1vEsWxhvM/uFwkzXQWNkCAH7CJKHRhHRA5OG8nHXZ2eMmKtAoGBAJ0J +1IA8fVys8bTrkprwYcq6/ifugHfZnmHvM9QNEXWZOIXLo2BvgDyYzo/t7T2nv0zI +Ctnt/V9SqvaKxeNB7g+ZMtC9XQC6R2t8T18PddQfqIs0RmCJVNmsFbMxOOQglJQI +HYhoDc1MLGsVFgT8CS2LNMyV2J2c+YbrTCCjHRR7AoGAICzoSClfvjmRg+4TP9/d +rixJF1UX77TnEhcHaFNBDnmSEX0K4rUr1o6GVZCwI+urL7ZmziDdmTDdbXWjqviJ +73COPw798Ox50VoVWssMGZQkXfbkk2yilLbok08ohlvVhzpiyecgbxAe4C6KRWWg +WEALyN3lILlyj1cYknRJ7gk= +-----END PRIVATE KEY----- diff --git a/cmd/clairctl/contrib/auth_server/ssl/server.pem b/cmd/clairctl/contrib/auth_server/ssl/server.pem new file mode 100644 index 00000000..07464fd0 --- /dev/null +++ b/cmd/clairctl/contrib/auth_server/ssl/server.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIJAJXlshcLjIlpMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMMBGF1dGgwHhcNMTYwMTI5MDcyMTE3WhcN +MTcwMTI4MDcyMTE3WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0 +ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDDARh +dXRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/MC2CkIKsTUcC4s +uGbmBh7w3yvzU9AiJbzCbqGz7ejSBoujUSEi8ke3mb6OqB0zd4tBJaW5cy9B6iZh +fO3e6O7alcTthavn2rJV6yk4DKQ4j4/lsVEd4oE8tvg2eGT9NGOI8Gj2Lb8EorDj +9mHjOq/t7EhE4+V6JyK/v1N5kGJFPRoBUCGz5iZ8j2/lmktHwWevOs3iCr2N2Pnp +0gijo7LNUBck29E5psEFHEwQohF1ddBUoM1d/N4IY/havfpyqN3MKKBzWMFPmv+o +KSNRhlkdO+CezxngSHeAzSLXKUdcefARpoGlR2m7BFvvUXTDZ4de0BZN1rdnk0uS +p5eFEwIDAQABo1AwTjAdBgNVHQ4EFgQUcCD00y15Rdvwe8VnwoZee+J+6ucwHwYD +VR0jBBgwFoAUcCD00y15Rdvwe8VnwoZee+J+6ucwDAYDVR0TBAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAQEAvmlCA49FGGOZS5CWl/NzH3es3N1Gr8MihdAK0vYLxbOM +8qA2PirEjJ6sWSeB0ZthVpk/dcod68r4dpFh7hpypvaEerFbpr+eWa9nf/KVJ/ft +ClLw+iWZpjEjmtSbSg/XIfraWfvwQp9XNMcmIeHvovHd4HyyU1Ulx6aE31wnZ6SJ +UKhTPgft0DRsmvFMc683jjeUg/Ik/XknnCiSyfVvwv7UEUs7sH85mE0p4giJxhEv +7MdGlQkob+58BpzsErjoj+RpZSljna98NpwBZUfbxkYE2KzU0oqPC0zQ8KawPtw1 +OB9O45KN2mJ9dPIAbezQHolrTQ7V+49/nhTghS/T3Q== +-----END CERTIFICATE----- diff --git a/cmd/clairctl/contrib/config/clair.yml b/cmd/clairctl/contrib/config/clair.yml new file mode 100644 index 00000000..bbbcc508 --- /dev/null +++ b/cmd/clairctl/contrib/config/clair.yml @@ -0,0 +1,73 @@ +# Copyright 2015 clair authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The values specified here are the default values that Clair uses if no configuration file is specified or if the keys are not defined. +--- +database: + # PostgreSQL Connection string + # http://www.postgresql.org/docs/9.4/static/libpq-connect.html + source: postgresql://postgres:5432?sslmode=disable&user=postgres&password=root + + # Number of elements kept in the cache + # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database. + cacheSize: 16384 + +api: + # API server port + port: 6060 + + # Health server port + # This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server. + healthport: 6061 + + # Deadline before an API request will respond with a 503 + timeout: 900s + + # 32-bit URL-safe base64 key used to encrypt pagination tokens + # If one is not provided, it will be generated. + # Multiple clair instances in the same cluster need the same value. + paginationKey: + + # Optional PKI configuration + # If you want to easily generate client certificates and CAs, try the following projects: + # https://github.com/coreos/etcd-ca + # https://github.com/cloudflare/cfssl + cafile: + keyfile: + certfile: + +updater: + # Frequency the database will be updated with vulnerabilities from the default data sources + # The value 0 disables the updater entirely. + interval: 2h + +notifier: + # Number of attempts before the notification is marked as failed to be sent + attempts: 3 + + # Duration before a failed notification is retried + renotifyInterval: 2h + + http: + # Optional endpoint that will receive notifications via POST requests + endpoint: + + # Optional PKI configuration + # If you want to easily generate client certificates and CAs, try the following projects: + # https://github.com/coreos/etcd-ca + # https://github.com/cloudflare/cfssl + servername: + cafile: + keyfile: + certfile: diff --git a/cmd/clairctl/contrib/docker-compose.yml b/cmd/clairctl/contrib/docker-compose.yml new file mode 100644 index 00000000..250e807e --- /dev/null +++ b/cmd/clairctl/contrib/docker-compose.yml @@ -0,0 +1,89 @@ +version: '2' + +services: + auth: + image: cesanta/docker_auth:stable + ports: + - "5001:5001" + volumes: + - ./auth_server/config:/config:ro + - ./auth_server/ssl:/ssl + command: --v=2 --alsologtostderr /config/auth_config.yml + container_name: "auth" + + registry: + image: registry:2.2.1 + ports: + - 5000:5000 + volumes: + - ./auth_server/ssl:/ssl + - registry-data:/var/lib/registry + container_name: "registry" + environment: + - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry + - REGISTRY_AUTH=token + - REGISTRY_AUTH_TOKEN_REALM=https://auth:5001/auth + - REGISTRY_AUTH_TOKEN_SERVICE="registry" + - REGISTRY_AUTH_TOKEN_ISSUER="auth_service" + - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/ssl/server.pem + + # Uncomment to deploy an insecure registry + # registry_insecure: + # image: registry:2.2.1 + # ports: + # - 5002:5000 + # container_name: "registry_insecure" + + + clair: + image: quay.io/coreos/clair:v1.0.0-rc1 + volumes: + - /tmp:/tmp + - ./config:/config + - clair-data:/var/local + ports: + - 6060:6060 + - 6061:6061 + container_name: "clair" + command: --log-level=debug --config=/config/clair.yml + + postgres: + image: postgres + container_name: "postgres" + environment: + - POSTGRES_PASSWORD=root + + hyperclair: + build: . + volumes: + - $GOPATH:/go + - hyperclair-data:/data + ports: + - 9999:9999 + tty: true + container_name: "hyperclair" + entrypoint: ["go","run","main.go","--log-level","debug","serve"] + + ui: + image: jgsqware/registry-ui + ports: + - 5080:8080 + environment: + - REGISTRYUI_HUB_URI=registry:5000 + - REGISTRYUI_ACCOUNT_MGMT_ENABLED=true + - REGISTRYUI_ACCOUNT_MGMT_CONFIG=./config/auth_config.yml + - REGISTRYUI_HYPERCLAIR_REPORT_ENABLED=true + # hyperclair_dev: + # build: . + # volumes: + # - $GOPATH:/go + # tty: true + # container_name: "hyperclair_dev" + +volumes: + clair-data: + driver: local + hyperclair-data: + driver: local + registry-data: + driver: local diff --git a/cmd/clairctl/database/database.go b/cmd/clairctl/database/database.go new file mode 100644 index 00000000..7b6e0b0e --- /dev/null +++ b/cmd/clairctl/database/database.go @@ -0,0 +1,28 @@ +package database + +import ( + "fmt" + + "github.com/Sirupsen/logrus" +) + +var registryMapping map[string]string + +//InsertRegistryMapping insert the pair layerID,RegistryURI +func InsertRegistryMapping(layerDigest string, registryURI string) { + logrus.Debugf("Saving %s[%s]", layerDigest, registryURI) + registryMapping[layerDigest] = registryURI +} + +//GetRegistryMapping return the registryURI corresponding to the layerID passed as parameter +func GetRegistryMapping(layerDigest string) (string, error) { + registryURI, present := registryMapping[layerDigest] + if !present { + return "", fmt.Errorf("%v mapping not found", layerDigest) + } + return registryURI, nil +} + +func init() { + registryMapping = map[string]string{} +} diff --git a/cmd/clairctl/database/database_test.go b/cmd/clairctl/database/database_test.go new file mode 100644 index 00000000..2ab29888 --- /dev/null +++ b/cmd/clairctl/database/database_test.go @@ -0,0 +1,28 @@ +package database + +import "testing" + +func TestInsertRegistryMapping(t *testing.T) { + layerID := "sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e" + registryURI := "registry:5000" + InsertRegistryMapping(layerID, registryURI) + + if r := registryMapping[layerID]; r != registryURI { + t.Errorf("InsertRegistryMapping(%q,%q) => %q, want %q", layerID, registryURI, r, registryURI) + } +} + +func TestGetRegistryMapping(t *testing.T) { + layerID := "sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e" + registryURI := "registry:5000" + InsertRegistryMapping(layerID, registryURI) + + if r, err := GetRegistryMapping(layerID); r != registryURI { + + if err != nil { + t.Errorf("InsertRegistryMapping(%q,%q) failed => %v", layerID, registryURI, err) + } else { + t.Errorf("InsertRegistryMapping(%q,%q) => %q, want %q", layerID, registryURI, r, registryURI) + } + } +} diff --git a/cmd/clairctl/docker/analyse.go b/cmd/clairctl/docker/analyse.go new file mode 100644 index 00000000..b75dc8f1 --- /dev/null +++ b/cmd/clairctl/docker/analyse.go @@ -0,0 +1,32 @@ +package docker + +import ( + "github.com/Sirupsen/logrus" + "github.com/coreos/clair/api/v1" + "github.com/coreos/clair/cmd/clairctl/clair" + "github.com/coreos/clair/cmd/clairctl/xstrings" +) + +//Analyse return Clair Image analysis +func Analyse(image Image) clair.ImageAnalysis { + c := len(image.FsLayers) + res := []v1.LayerEnvelope{} + + for i := range image.FsLayers { + l := image.FsLayers[c-i-1].BlobSum + lShort := xstrings.Substr(l, 0, 12) + + if a, err := clair.Analyse(l); err != nil { + logrus.Infof("analysing layer [%v] %d/%d: %v", lShort, i+1, c, err) + } else { + logrus.Infof("analysing layer [%v] %d/%d", lShort, i+1, c) + res = append(res, a) + } + } + return clair.ImageAnalysis{ + Registry: xstrings.TrimPrefixSuffix(image.Registry, "http://", "/v2"), + ImageName: image.Name, + Tag: image.Tag, + Layers: res, + } +} diff --git a/cmd/clairctl/docker/auth.go b/cmd/clairctl/docker/auth.go new file mode 100644 index 00000000..32e19dcd --- /dev/null +++ b/cmd/clairctl/docker/auth.go @@ -0,0 +1,89 @@ +package docker + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "net/http" + "strings" + + "github.com/coreos/clair/cmd/clairctl/docker/httpclient" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +type Authentication struct { + Username, Password string +} + +var User Authentication + +type token struct { + Value string `json:"token"` +} + +func (tok token) String() string { + return tok.Value +} + +//BearerAuthParams parse Bearer Token on Www-Authenticate header +func BearerAuthParams(r *http.Response) map[string]string { + s := strings.Fields(r.Header.Get("Www-Authenticate")) + if len(s) != 2 || s[0] != "Bearer" { + return nil + } + result := map[string]string{} + + for _, kv := range strings.Split(s[1], ",") { + parts := strings.Split(kv, "=") + if len(parts) != 2 { + continue + } + result[strings.Trim(parts[0], "\" ")] = strings.Trim(parts[1], "\" ") + } + return result +} + +func AuthenticateResponse(dockerResponse *http.Response, request *http.Request) error { + bearerToken := BearerAuthParams(dockerResponse) + url := bearerToken["realm"] + "?service=" + bearerToken["service"] + if bearerToken["scope"] != "" { + url += "&scope=" + bearerToken["scope"] + } + req, err := http.NewRequest("GET", url, nil) + + if err != nil { + return err + } + req.SetBasicAuth(User.Username, User.Password) + + response, err := httpclient.Get().Do(req) + + if err != nil { + return err + } + + if response.StatusCode == http.StatusUnauthorized { + return xerrors.Unauthorized + } + + if response.StatusCode != http.StatusOK { + return fmt.Errorf("authentication server response: %v - %v", response.StatusCode, response.Status) + } + + defer response.Body.Close() + body, err := ioutil.ReadAll(response.Body) + + if err != nil { + return err + } + + var tok token + err = json.Unmarshal(body, &tok) + + if err != nil { + return err + } + request.Header.Set("Authorization", "Bearer "+tok.String()) + + return nil +} diff --git a/cmd/clairctl/docker/httpclient/httpclient.go b/cmd/clairctl/docker/httpclient/httpclient.go new file mode 100644 index 00000000..2d9f9906 --- /dev/null +++ b/cmd/clairctl/docker/httpclient/httpclient.go @@ -0,0 +1,24 @@ +package httpclient + +import ( + "crypto/tls" + "net/http" + + "github.com/spf13/viper" +) + +var client *http.Client + +//Get create a http.Client with Transport configuration +func Get() *http.Client { + + if client == nil { + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: viper.GetBool("auth.insecureSkipVerify")}, + DisableCompression: true, + } + client = &http.Client{Transport: tr} + } + + return client +} diff --git a/cmd/clairctl/docker/image.go b/cmd/clairctl/docker/image.go new file mode 100644 index 00000000..3e16e5d4 --- /dev/null +++ b/cmd/clairctl/docker/image.go @@ -0,0 +1,108 @@ +package docker + +import ( + "encoding/json" + "fmt" + "regexp" + "strings" + + "github.com/spf13/viper" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +//Image represent Image Manifest from Docker image, including the registry URL +type Image struct { + Name string + Tag string + Registry string + FsLayers []Layer +} + +//Layer represent the digest of a image layer +type Layer struct { + BlobSum string + History string +} + +const dockerImageRegex = "^(?:([^/]+)/)?(?:([^/]+)/)?([^@:/]+)(?:[@:](.+))?" +const DockerHub = "registry-1.docker.io" +const hubURI = "https://" + DockerHub + "/v2" + +var IsLocal = false + +func TmpLocal() string { + return viper.GetString("hyperclair.tempFolder") +} + +// Parse is used to parse a docker image command +// +//Example: +//"register.com:5080/wemanity-belgium/alpine" +//"register.com:5080/wemanity-belgium/alpine:latest" +//"register.com:5080/alpine" +//"register.com/wemanity-belgium/alpine" +//"register.com/alpine" +//"register.com/wemanity-belgium/alpine:latest" +//"alpine" +//"wemanity-belgium/alpine" +//"wemanity-belgium/alpine:latest" +func Parse(image string) (Image, error) { + imageRegex := regexp.MustCompile(dockerImageRegex) + + if imageRegex.MatchString(image) == false { + return Image{}, fmt.Errorf("cannot parse image name: %v", image) + } + groups := imageRegex.FindStringSubmatch(image) + + registry, repository, name, tag := groups[1], groups[2], groups[3], groups[4] + + if tag == "" { + tag = "latest" + } + + if repository == "" && !strings.ContainsAny(registry, ":.") { + repository, registry = registry, hubURI //Regex problem, if no registry in url, regex parse repository as registry, so need to invert it + + } else { + //FIXME We need to move to https. + //Maybe using a `insecure-registry` flag in configuration + if strings.Contains(registry, "docker") { + registry = "https://" + registry + "/v2" + + } else { + registry = "http://" + registry + "/v2" + } + } + + if repository != "" { + name = repository + "/" + name + } + + if strings.Contains(registry, "docker.io") && repository == "" { + return Image{}, xerrors.ErrDisallowed + } + + return Image{ + Registry: registry, + Name: name, + Tag: tag, + }, nil +} + +// BlobsURI run Blobs URI as //blobs/ +// eg: "http://registry:5000/v2/jgsqware/ubuntu-git/blobs/sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e" +func (image Image) BlobsURI(digest string) string { + return strings.Join([]string{image.Registry, image.Name, "blobs", digest}, "/") +} + +func (image Image) String() string { + return image.Registry + "/" + image.Name + ":" + image.Tag +} + +func (image Image) AsJSON() (string, error) { + b, err := json.Marshal(image) + if err != nil { + return "", fmt.Errorf("cannot marshal image: %v", err) + } + return string(b), nil +} diff --git a/cmd/clairctl/docker/image_test.go b/cmd/clairctl/docker/image_test.go new file mode 100644 index 00000000..371b6104 --- /dev/null +++ b/cmd/clairctl/docker/image_test.go @@ -0,0 +1,78 @@ +package docker + +import ( + "testing" + + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +var imageNameTests = []struct { + in string + out string +}{ + {"jgsqware/ubuntu-git", hubURI + "/jgsqware/ubuntu-git:latest"}, + {"wemanity-belgium/registry-backup", hubURI + "/wemanity-belgium/registry-backup:latest"}, + {"wemanity-belgium/alpine:latest", hubURI + "/wemanity-belgium/alpine:latest"}, + {"register.com/alpine", "http://register.com/v2/alpine:latest"}, + {"register.com/wemanity-belgium/alpine", "http://register.com/v2/wemanity-belgium/alpine:latest"}, + {"register.com/wemanity-belgium/alpine:latest", "http://register.com/v2/wemanity-belgium/alpine:latest"}, + {"register.com:5080/alpine", "http://register.com:5080/v2/alpine:latest"}, + {"register.com:5080/wemanity-belgium/alpine", "http://register.com:5080/v2/wemanity-belgium/alpine:latest"}, + {"register.com:5080/wemanity-belgium/alpine:latest", "http://register.com:5080/v2/wemanity-belgium/alpine:latest"}, + {"registry:5000/google/cadvisor", "http://registry:5000/v2/google/cadvisor:latest"}, +} + +var invalidImageNameTests = []struct { + in string + out string +}{ + {"alpine", hubURI + "/alpine:latest"}, + {"docker.io/golang", hubURI + "/golang:latest"}, +} + +func TestParse(t *testing.T) { + for _, imageName := range imageNameTests { + image, err := Parse(imageName.in) + if err != nil { + t.Errorf("Parse(\"%s\") should be valid: %v", imageName.in, err) + } + if image.String() != imageName.out { + t.Errorf("Parse(\"%s\") => %v, want %v", imageName.in, image, imageName.out) + + } + } +} + +func TestParseDisallowed(t *testing.T) { + for _, imageName := range invalidImageNameTests { + _, err := Parse(imageName.in) + if err != xerrors.ErrDisallowed { + t.Errorf("Parse(\"%s\") should failed with err \"%v\": %v", imageName.in, xerrors.ErrDisallowed, err) + } + } +} + +func TestMBlobstURI(t *testing.T) { + image, err := Parse("localhost:5000/alpine") + + if err != nil { + t.Error(err) + } + + result := image.BlobsURI("sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e") + if result != "http://localhost:5000/v2/alpine/blobs/sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e" { + t.Errorf("Is %s, should be http://localhost:5000/v2/alpine/blobs/sha256:13be4a52fdee2f6c44948b99b5b65ec703b1ca76c1ab5d2d90ae9bf18347082e", result) + } +} + +func TestUniqueLayer(t *testing.T) { + image := Image{ + FsLayers: []Layer{Layer{BlobSum: "test1"}, Layer{BlobSum: "test1"}, Layer{BlobSum: "test2"}}, + } + + image.uniqueLayers() + + if len(image.FsLayers) > 2 { + t.Errorf("Layers must be unique: %v", image.FsLayers) + } +} diff --git a/cmd/clairctl/docker/local.go b/cmd/clairctl/docker/local.go new file mode 100644 index 00000000..391eeff6 --- /dev/null +++ b/cmd/clairctl/docker/local.go @@ -0,0 +1,171 @@ +package docker + +import ( + "bufio" + "bytes" + "encoding/json" + "errors" + "fmt" + "os" + "os/exec" + "strings" + + "github.com/Sirupsen/logrus" +) + +//Prepare populate image.FSLayers with the layer from manifest coming from `docker save` command. Layer.History will be populated with `docker history` command +func Prepare(im *Image) error { + imageName := im.Name + ":" + im.Tag + logrus.Debugf("preparing %v", imageName) + + path, err := save(imageName) + // defer os.RemoveAll(path) + if err != nil { + return fmt.Errorf("could not save image: %s", err) + } + + // Retrieve history. + logrus.Infoln("Getting image's history") + manifestLayerIDs, err := historyFromManifest(path) + + historyLayerIDs, err := historyFromCommand(imageName) + + if err != nil || (len(manifestLayerIDs) == 0 && len(historyLayerIDs) == 0) { + return fmt.Errorf("Could not get image's history: %s", err) + } + + for i, l := range manifestLayerIDs { + im.FsLayers = append(im.FsLayers, Layer{BlobSum: l, History: historyLayerIDs[i]}) + } + + return nil +} + +//FromHistory populate image.FSLayers with the layer from `docker history` command +func FromHistory(im *Image) error { + imageName := im.Name + ":" + im.Tag + layerIDs, err := historyFromCommand(imageName) + + if err != nil || len(layerIDs) == 0 { + return fmt.Errorf("Could not get image's history: %s", err) + } + + for _, l := range layerIDs { + im.FsLayers = append(im.FsLayers, Layer{BlobSum: l}) + } + + return nil +} + +func cleanLocal() error { + logrus.Debugln("cleaning temporary local repository") + err := os.RemoveAll(TmpLocal()) + + if err != nil { + return fmt.Errorf("cleaning temporary local repository: %v", err) + } + + return nil +} + +func save(imageName string) (string, error) { + path := TmpLocal() + "/" + strings.Split(imageName, ":")[0] + "/blobs" + + if _, err := os.Stat(path); os.IsExist(err) { + err := os.RemoveAll(path) + if err != nil { + return "", err + } + } + + err := os.MkdirAll(path, 0755) + if err != nil { + return "", err + } + + var stderr bytes.Buffer + logrus.Debugln("docker image to save: ", imageName) + logrus.Debugln("saving in: ", path) + save := exec.Command("docker", "save", imageName) + save.Stderr = &stderr + extract := exec.Command("tar", "xf", "-", "-C"+path) + extract.Stderr = &stderr + pipe, err := extract.StdinPipe() + if err != nil { + return "", err + } + save.Stdout = pipe + + err = extract.Start() + if err != nil { + return "", errors.New(stderr.String()) + } + err = save.Run() + if err != nil { + return "", errors.New(stderr.String()) + } + err = pipe.Close() + if err != nil { + return "", err + } + err = extract.Wait() + if err != nil { + return "", errors.New(stderr.String()) + } + return path, nil +} + +func historyFromManifest(path string) ([]string, error) { + mf, err := os.Open(path + "/manifest.json") + if err != nil { + return nil, err + } + defer mf.Close() + + // https://github.com/docker/docker/blob/master/image/tarexport/tarexport.go#L17 + type manifestItem struct { + Config string + RepoTags []string + Layers []string + } + + var manifest []manifestItem + if err = json.NewDecoder(mf).Decode(&manifest); err != nil { + return nil, err + } else if len(manifest) != 1 { + return nil, err + } + var layers []string + for _, layer := range manifest[0].Layers { + layers = append(layers, strings.TrimSuffix(layer, "/layer.tar")) + } + return layers, nil +} + +func historyFromCommand(imageName string) ([]string, error) { + var stderr bytes.Buffer + cmd := exec.Command("docker", "history", "-q", "--no-trunc", imageName) + cmd.Stderr = &stderr + stdout, err := cmd.StdoutPipe() + if err != nil { + return []string{}, err + } + + err = cmd.Start() + if err != nil { + return []string{}, errors.New(stderr.String()) + } + + var layers []string + scanner := bufio.NewScanner(stdout) + for scanner.Scan() { + layers = append(layers, scanner.Text()) + } + + for i := len(layers)/2 - 1; i >= 0; i-- { + opp := len(layers) - 1 - i + layers[i], layers[opp] = layers[opp], layers[i] + } + + return layers, nil +} diff --git a/cmd/clairctl/docker/login.go b/cmd/clairctl/docker/login.go new file mode 100644 index 00000000..52e1b7c2 --- /dev/null +++ b/cmd/clairctl/docker/login.go @@ -0,0 +1,47 @@ +package docker + +import ( + "fmt" + "net/http" + "strings" + + "github.com/Sirupsen/logrus" + "github.com/coreos/clair/cmd/clairctl/docker/httpclient" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +//Pull Image from Registry or Hub depending on image name +func Login(registry string) (bool, error) { + + logrus.Info("log in: ", registry) + + if strings.Contains(registry, "docker") { + registry = "https://" + registry + "/v2" + + } else { + registry = "http://" + registry + "/v2" + } + + client := httpclient.Get() + request, err := http.NewRequest("GET", registry, nil) + response, err := client.Do(request) + if err != nil { + return false, fmt.Errorf("log in %v: %v", registry, err) + } + authorized := response.StatusCode != http.StatusUnauthorized + if !authorized { + logrus.Info("Unauthorized access") + err := AuthenticateResponse(response, request) + + if err != nil { + if err == xerrors.Unauthorized { + authorized = false + } + return false, err + } else { + authorized = true + } + } + + return authorized, nil +} diff --git a/cmd/clairctl/docker/pull.go b/cmd/clairctl/docker/pull.go new file mode 100644 index 00000000..fabdfeb6 --- /dev/null +++ b/cmd/clairctl/docker/pull.go @@ -0,0 +1,88 @@ +package docker + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "net/http" + + "github.com/Sirupsen/logrus" + "github.com/coreos/clair/cmd/clairctl/docker/httpclient" + "github.com/coreos/clair/cmd/clairctl/xerrors" +) + +//Pull Image from Registry or Hub depending on image name +func Pull(imageName string) (Image, error) { + image, err := Parse(imageName) + if err != nil { + return Image{}, err + } + + logrus.Info("pulling image: ", image) + + mURI := fmt.Sprintf("%v/%v/manifests/%v", image.Registry, image.Name, image.Tag) + client := httpclient.Get() + request, err := http.NewRequest("GET", mURI, nil) + response, err := client.Do(request) + if err != nil { + return Image{}, fmt.Errorf("retrieving manifest: %v", err) + } + + if response.StatusCode == http.StatusUnauthorized { + logrus.Info("Pull is Unauthorized") + err := AuthenticateResponse(response, request) + + if err != nil { + return Image{}, fmt.Errorf("authenticating: %v", err) + } + response, err = client.Do(request) + if err != nil { + return Image{}, fmt.Errorf("retrieving manifest: %v", err) + } + } + + body, err := ioutil.ReadAll(response.Body) + if err != nil { + return Image{}, fmt.Errorf("reading manifest body: %v", err) + } + if response.StatusCode != 200 { + switch response.StatusCode { + case http.StatusUnauthorized: + return Image{}, xerrors.Unauthorized + case http.StatusNotFound: + return Image{}, xerrors.NotFound + default: + return Image{}, fmt.Errorf("%d - %s", response.StatusCode, string(body)) + } + } + if err := image.parseManifest(body); err != nil { + return Image{}, fmt.Errorf("parsing manifest: %v", err) + } + + return image, nil +} + +func (image *Image) parseManifest(body []byte) error { + + err := json.Unmarshal(body, &image) + + if err != nil { + return fmt.Errorf("unmarshalling manifest body: %v", err) + } + + image.uniqueLayers() + return nil +} + +func (image *Image) uniqueLayers() { + encountered := map[Layer]bool{} + result := []Layer{} + + for index := range image.FsLayers { + if encountered[image.FsLayers[index]] != true { + encountered[image.FsLayers[index]] = true + result = append(result, image.FsLayers[index]) + } + } + image.FsLayers = result +} diff --git a/cmd/clairctl/docker/push.go b/cmd/clairctl/docker/push.go new file mode 100644 index 00000000..7da2786a --- /dev/null +++ b/cmd/clairctl/docker/push.go @@ -0,0 +1,68 @@ +package docker + +import ( + "fmt" + "strings" + + "github.com/Sirupsen/logrus" + "github.com/coreos/clair/api/v1" + "github.com/coreos/clair/cmd/clairctl/clair" + "github.com/coreos/clair/cmd/clairctl/config" + "github.com/coreos/clair/cmd/clairctl/database" + "github.com/coreos/clair/cmd/clairctl/xstrings" +) + +//Push image to Clair for analysis +func Push(image Image) error { + layerCount := len(image.FsLayers) + + parentID := "" + + if layerCount == 0 { + logrus.Warningln("there is no layer to push") + } + localIP, err := config.LocalServerIP() + if err != nil { + return err + } + hURL := fmt.Sprintf("http://%v/v2", localIP) + if IsLocal { + hURL += "/local" + logrus.Infof("using %v as local url", hURL) + } + + for index, layer := range image.FsLayers { + lUID := xstrings.Substr(layer.BlobSum, 0, 12) + logrus.Infof("Pushing Layer %d/%d [%v]", index+1, layerCount, lUID) + + database.InsertRegistryMapping(layer.BlobSum, image.Registry) + payload := v1.LayerEnvelope{Layer: &v1.Layer{ + Name: layer.BlobSum, + Path: image.BlobsURI(layer.BlobSum), + ParentName: parentID, + Format: "Docker", + }} + + //FIXME Update to TLS + if IsLocal { + payload.Layer.Name = layer.History + payload.Layer.Path += "/layer.tar" + } + payload.Layer.Path = strings.Replace(payload.Layer.Path, image.Registry, hURL, 1) + if err := clair.Push(payload); err != nil { + logrus.Infof("adding layer %d/%d [%v]: %v", index+1, layerCount, lUID, err) + if err != clair.OSNotSupported { + return err + } + parentID = "" + } else { + parentID = payload.Layer.Name + } + } + if IsLocal { + if err := cleanLocal(); err != nil { + return err + } + } + return nil +} diff --git a/cmd/clairctl/hyperclair.yml.default b/cmd/clairctl/hyperclair.yml.default new file mode 100644 index 00000000..743c73e3 --- /dev/null +++ b/cmd/clairctl/hyperclair.yml.default @@ -0,0 +1,8 @@ +clair: + port: 6060 + healthPort: 6061 + uri: http://clair + priority: Low + report: + path: ./reports + format: html diff --git a/cmd/clairctl/main.go b/cmd/clairctl/main.go new file mode 100644 index 00000000..d60590e8 --- /dev/null +++ b/cmd/clairctl/main.go @@ -0,0 +1,21 @@ +// Copyright © 2016 NAME HERE +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import "github.com/coreos/clair/cmd/clairctl/cmd" + +func main() { + cmd.Execute() +} diff --git a/cmd/clairctl/reports/html/analysis-jgsqware-clair-latest.html b/cmd/clairctl/reports/html/analysis-jgsqware-clair-latest.html new file mode 100644 index 00000000..df292616 --- /dev/null +++ b/cmd/clairctl/reports/html/analysis-jgsqware-clair-latest.html @@ -0,0 +1,102919 @@ + + + + Hyperclair report : jgsqware/clair + + + + + + + +
+
+

Hyperclair report

+
+ +
+

Image: jgsqware/clair

+ +
+
+ +

Total : 4215

+

+ Critical : 923 + +

+

+ Medium : 661 + +

+

+ Low : 371 + +

+ Negligible : 1197 +

+

+ +
+
+ +
+ + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-7182
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7181
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-5600
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8607
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-4844
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0494
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-5277
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8803
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8384
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2856
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8388
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8391
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8394
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8386
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8392
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2327
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8385
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3191
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8383
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8381
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-1283
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8380
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-7445
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8389
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2328
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8387
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8395
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8390
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2014-9769
+
High
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2842
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0705
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0728
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8805
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0799
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0798
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8804
+
High
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2315
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2324
+
High
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-4000
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8382
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8767
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0723
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0821
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-7566
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-4312
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-5352
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8393
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0755
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2632
+
Medium
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0797
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2059
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-1978
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2014-8121
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0778
+
Medium
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-1938
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-1950
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-1979
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-5276
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2011-3389
+
Medium
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8785
+
Medium
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-3238
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0777
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-7547
+
Medium
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8631
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-2694
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8630
+
Medium
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-6564
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3115
+
Medium
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3136
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3138
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2186
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2014-9717
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3137
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2184
+
Low
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3119
+
Low
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-6563
+
Low
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-2185
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3139
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3140
+
Low
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8629
+
Low
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2007-2768
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2008-3234
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2007-2243
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2013-7040
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2006-6719
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2005-2541
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-0928
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2012-0954
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2012-3587
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2007-6755
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2008-4108
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2011-3374
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-4004
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-4001
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-3276
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2325
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-3210
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2010-4563
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-4002
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2326
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2004-0230
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-4003
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2085
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-7885
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2008-4609
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2005-3660
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2007-3719
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2013-4392
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8842
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-5224
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-2779
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-5218
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-4052
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-4756
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-2198
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-2199
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2013-0340
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2007-5686
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2053
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2013-4235
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-2877
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2090
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2011-4915
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2011-4917
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2004-0971
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2012-3878
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2011-4116
+
Negligible
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2010-4051
+
Negligible
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8830
+
Negligible
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2012-4542
+
Negligible
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8325
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-1908
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-5073
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-3217
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2782
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8839
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3672
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3951
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3689
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2188
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3156
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2117
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3157
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3134
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8812
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2544
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2069
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2384
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2547
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2853
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2543
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8816
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2546
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2548
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2143
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-7515
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2781
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-2545
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2847
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2854
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2549
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8779
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2014-9761
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8778
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-8776
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-1234
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2015-1350
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-8553
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2015-7511
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-0787
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-2381
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3630
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3069
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3068
+
Unknown
+ + +
sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190
+
+ + + +
+
+
CVE-2016-3075
+
Unknown
+ + +
sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e
+
+ + + +
+
+
CVE-2016-2550
+
Unknown
+ + +
sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1
+
+ + +
+
+ +
+
+
+
+ +
+

sha256:ef227da735c18376c5d640bdd969fe55a067cd4ae92956d193326355d9ae9190

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:e898aede6d3be11018f7b5d263738aa662e6c3bf118cd3e20a69865b73c24d56

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:e3255fa43233655173bbddb3250a5037060c469ed363328aedefd3e4e34eca8d

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:a98b8d4ed7cd0b0efc531a2e6320fa916deb1e90d3a1b4463749fd0138e79f31

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:982f7a61ed69ea684a9c326dceabd74fcc6e25aafd179b0b55861a048902dd2e

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:d7e1456bd365c6216808365c91244122ac2a9186ede65176b6e4949a3b6b7c57

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:243f57a9cb9df05873855de5061e338c5e0573878754e3a4a2fb5dd34d298599

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:410efbf0f33e16aaa59a4bf7e110795d204bb2349a6c4e181de43210e90586b6

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
+
+
+ +
+

sha256:6239c10e33a84c9edebfc15d99fcb9521f6e062b2b393266d07fb0e36f5980e1

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:19e278f7ac0ae60be568b71fb5cbdbfd92b023604912ca1295a6337f1507ed9e

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:941d6f30f213b003998e30d6eabb22903853cfdd8cfbcee01471be9d3007ea35

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + nss 2:3.17.2-1.1+deb8u2 - +
    +
      + +
    • + + CVE-2015-7181 +
      The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
      + Link +
      • + +
    • + + CVE-2015-7182 +
      Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
      + Link +
      • + +
    • + + CVE-2016-1978 +
      Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
      + Link +
      • + +
    • + + CVE-2015-4000 +
      The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
      + Link +
      • + +
    • + + CVE-2016-1938 +
      The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
      + Link +
      • + +
    • + + CVE-2016-1950 +
      Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
      + Link +
      • + +
    • + + CVE-2016-1979 +
      Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
      + Link +
      • + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + rpm 4.11.3-1.1 - +
    +
      + +
    • + + CVE-2010-2199 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
      + Link +
      • + +
    • + + CVE-2010-2198 +
      lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + nspr 2:4.10.7-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + file 1:5.22+15-2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-10 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + elfutils 0.159-4.2 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + lua5.2 5.2.3-1.1 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:0a01a60e642e26d1fd83e55df574747c15c7e1981bc640e66258a6c7a25b7015

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:7f7f57d387eecde53e2b1cc178afcaf7538a37e79c41c7ebe22589b6c9a32565

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:1b28184d5b69f8d98e8d4cffd6868f94cef053ac1efd8fc568084779c8463499

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:1f19472cfca06fbe1d07f3376688beeda792d9bbdaba42fd4bead26bb838eaba

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:685e6bc3c0cfae5498d9d040a2248198d3fbacf0807989e9fcd131de49a62eb1

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:099ca01b81b831a7c24c755904abf8d76b8ded3b56bd0b4941fa71a990c49b1b

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:4323cfe4a34cafb6531b86b597f2088efe536e6f71056eda6687566875d84841

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:c14dc11f457de7a2edf0b1a770ef8ce115b937e651c5e53a8a854d177c5e5a1b

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:412879add0bfb870bca6a1319925e9c641981fae441c7a46df174c5adb73b4cc

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:f99481f284b54cdb60b2bd3a666a77c5ed31cf7fb98b665e3e7d28d7fe5dd1d5

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:a39d28f32bec2ae87a064773fe9cd8e1399a6a25f2d8b99128353807a24b065d

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + linux 3.16.7-ckt20-1+deb8u2 - +
    +
      + +
    • + + CVE-2013-7445 +
      The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
      + Link +
      • + +
    • + + CVE-2016-0728 +
      The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
      + Link +
      • + +
    • + + CVE-2015-8785 +
      The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
      + Link +
      • + +
    • + + CVE-2015-8767 +
      net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
      + Link +
      • + +
    • + + CVE-2015-7566 +
      The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
      + Link +
      • + +
    • + + CVE-2013-4312 +
      The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
      + Link +
      • + +
    • + + CVE-2016-0821 +
      The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
      + Link +
      • + +
    • + + CVE-2016-0723 +
      Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
      + Link +
      • + +
    • + + CVE-2016-3136 +
      + Link +
      • + +
    • + + CVE-2014-9717 +
      + Link +
      • + +
    • + + CVE-2016-3140 +
      + Link +
      • + +
    • + + CVE-2016-3139 +
      + Link +
      • + +
    • + + CVE-2016-2184 +
      + Link +
      • + +
    • + + CVE-2016-3137 +
      + Link +
      • + +
    • + + CVE-2016-2185 +
      + Link +
      • + +
    • + + CVE-2016-3138 +
      + Link +
      • + +
    • + + CVE-2016-2186 +
      + Link +
      • + +
    • + + CVE-2015-8830 +
      + Link +
      • + +
    • + + CVE-2015-7885 +
      The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
      + Link +
      • + +
    • + + CVE-2015-4003 +
      The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2008-4609 +
      The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
      + Link +
      • + +
    • + + CVE-2004-0230 +
      TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
      + Link +
      • + +
    • + + CVE-2015-4002 +
      drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
      + Link +
      • + +
    • + + CVE-2005-3660 +
      Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
      + Link +
      • + +
    • + + CVE-2010-4563 +
      The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
      + Link +
      • + +
    • + + CVE-2007-3719 +
      The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
      + Link +
      • + +
    • + + CVE-2016-2053 +
      + Link +
      • + +
    • + + CVE-2011-4917 +
      + Link +
      • + +
    • + + CVE-2011-4915 +
      + Link +
      • + +
    • + + CVE-2012-4542 +
      block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
      + Link +
      • + +
    • + + CVE-2015-2877 +
      + Link +
      • + +
    • + + CVE-2015-4004 +
      The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
      + Link +
      • + +
    • + + CVE-2015-4001 +
      Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
      + Link +
      • + +
    • + + CVE-2016-2085 +
      + Link +
      • + +
    • + + CVE-2015-8812 +
      + Link +
      • + +
    • + + CVE-2016-2117 +
      + Link +
      • + +
    • + + CVE-2016-3157 +
      + Link +
      • + +
    • + + CVE-2016-2188 +
      + Link +
      • + +
    • + + CVE-2016-3156 +
      + Link +
      • + +
    • + + CVE-2016-3134 +
      + Link +
      • + +
    • + + CVE-2016-3689 +
      + Link +
      • + +
    • + + CVE-2016-2544 +
      + Link +
      • + +
    • + + CVE-2016-2069 +
      + Link +
      • + +
    • + + CVE-2016-2384 +
      + Link +
      • + +
    • + + CVE-2016-3951 +
      + Link +
      • + +
    • + + CVE-2016-2547 +
      + Link +
      • + +
    • + + CVE-2016-2853 +
      + Link +
      • + +
    • + + CVE-2016-2543 +
      + Link +
      • + +
    • + + CVE-2015-8816 +
      + Link +
      • + +
    • + + CVE-2016-2546 +
      + Link +
      • + +
    • + + CVE-2016-2548 +
      + Link +
      • + +
    • + + CVE-2016-2143 +
      + Link +
      • + +
    • + + CVE-2015-7515 +
      + Link +
      • + +
    • + + CVE-2016-3672 +
      + Link +
      • + +
    • + + CVE-2016-2545 +
      + Link +
      • + +
    • + + CVE-2016-2847 +
      + Link +
      • + +
    • + + CVE-2016-2854 +
      + Link +
      • + +
    • + + CVE-2016-2549 +
      + Link +
      • + +
    • + + CVE-2015-1350 +
      + Link +
      • + +
    • + + CVE-2015-8553 +
      + Link +
      • + +
    • + + CVE-2015-8839 +
      + Link +
      • + +
    • + + CVE-2016-2782 +
      + Link +
      • + +
    • + + CVE-2016-2550 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + binutils 2.25-5 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + make-dfsg 4.0-8.1 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + isl 0.12.2-2 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + mpclib3 1.0.2-1 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + gcc-defaults 1.136 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + cloog 0.18.2-1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + mpfr4 3.1.2-2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:a58c4db729df8076e870544f91c997141bca59d6e182e9e1f0e2ce680b9418d4

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssh 1:6.7p1-5 - +
    +
      + +
    • + + CVE-2015-5600 +
      The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
      + Link +
      • + +
    • + + CVE-2015-5352 +
      The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
      + Link +
      • + +
    • + + CVE-2016-3115 +
      Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
      + Link +
      • + +
    • + + CVE-2015-6564 +
      Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
      + Link +
      • + +
    • + + CVE-2016-0778 +
      The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
      + Link +
      • + +
    • + + CVE-2016-0777 +
      The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
      + Link +
      • + +
    • + + CVE-2015-6563 +
      The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
      + Link +
      • + +
    • + + CVE-2007-2243 +
      OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
      + Link +
      • + +
    • + + CVE-2008-3234 +
      sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
      + Link +
      • + +
    • + + CVE-2007-2768 +
      OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
      + Link +
      • + +
    • + + CVE-2016-1908 +
      + Link +
      • + +
    • + + CVE-2015-8325 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + git 1:2.1.4-2.1+deb8u1 - +
    +
      + +
    • + + CVE-2016-2315 +
      revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
      + Link +
      • + +
    • + + CVE-2016-2324 +
      Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + python-defaults 2.7.9-1 - +
    +
      + +
    • + + CVE-2008-4108 +
      Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
      + Link +
      • + +
    +
    • + +
  • +
    + expat 2.1.0-6+deb8u1 - +
    +
      + +
    • + + CVE-2013-0340 +
      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + python2.7 2.7.9-2 - +
    +
      + +
    • + + CVE-2013-7040 +
      Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.7.0-2 - +
    +
      + +
    • + + CVE-2016-2090 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + mercurial 3.1.2-2+deb8u1 - +
    +
      + +
    • + + CVE-2016-3068 +
      + Link +
      • + +
    • + + CVE-2016-3069 +
      + Link +
      • + +
    • + + CVE-2016-3630 +
      + Link +
      • + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + subversion 1.8.10-6+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + serf 1.3.8-1 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.58 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + explorercanvas 0.r3-3 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + ucf 3.0030 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.7.1-1+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + apr 1.5.1-3 - +
    +
      + +
    +
    • + +
  • +
    + apr-util 1.5.4-1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + bzr 2.6.0+bzr6595-6 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + liberror-perl 0.17-1.1 - +
    +
      + +
    +
    • + +
  • +
    + configobj 5.0.6-1 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-13.1 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + libedit 3.1-20140620-2 - +
    +
      + +
    +
    • + +
  • +
    + six 1.8.0-1 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:dea600df515e324cc6ba3bf597932b425b8183ccd832963ef79abf7140d61d62

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1k-3+deb8u2 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2010-0928 +
      OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
      + Link +
      • + +
    • + + CVE-2007-6755 +
      The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + krb5 1.12.1+dfsg-19+deb8u1 - +
    +
      + +
    • + + CVE-2015-8631 +
      Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
      + Link +
      • + +
    • + + CVE-2015-2694 +
      The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
      + Link +
      • + +
    • + + CVE-2015-8630 +
      The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
      + Link +
      • + +
    • + + CVE-2016-3119 +
      The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
      + Link +
      • + +
    • + + CVE-2015-8629 +
      The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
      + Link +
      • + +
    • + + CVE-2004-0971 +
      The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
      + Link +
      • + +
    +
    • + +
  • +
    + nettle 2.7.1-5 - +
    +
      + +
    • + + CVE-2015-8803 +
      The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
      + Link +
      • + +
    • + + CVE-2015-8805 +
      The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
      + Link +
      • + +
    • + + CVE-2015-8804 +
      x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + icu 52.1-8+deb8u3 - +
    +
      + +
    • + + CVE-2015-4844 +
      Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2016-0494 +
      Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
      + Link +
      • + +
    • + + CVE-2015-2632 +
      Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + libidn 1.29-1 - +
    +
      + +
    • + + CVE-2015-2059 +
      The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls28 3.3.8-6+deb8u3 - +
    +
      + +
    • + + CVE-2011-3389 +
      The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
      + Link +
      • + +
    +
    • + +
  • +
    + curl 7.38.0-4+deb8u2 - +
    +
      + +
    • + + CVE-2016-0755 +
      The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + wget 1.16-1 - +
    +
      + +
    • + + CVE-2006-6719 +
      The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + openldap 2.4.40+dfsg-1+deb8u1 - +
    +
      + +
    • + + CVE-2015-3276 +
      The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1-2 - +
    +
      + +
    +
    • + +
  • +
    + cyrus-sasl2 2.1.26.dfsg1-13+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + ca-certificates 20141019 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 4.2-3+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + libpsl 0.5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + keyutils 1.5.9-5 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + gmp 2:6.0.0+dfsg-6 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.7-1 - +
    +
      + +
    +
    • + +
  • +
    + libssh2 1.4.3-4.1 - +
    +
      + +
    • + + CVE-2016-0787 +
      + Link +
      • + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + rtmpdump 2.4+20150115.gita107cef-1 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:c648cd6a73969d01003f84dcb558aa19f153fdbb63f6e7bc096cf204c1d46280

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:440e9f8ae5cb10857c9b901fe6ed10eb9aa67b997981d16bc4d52f3713908f4e

+
+
+
    + +
  • +
    + pcre3 2:8.35-3.3 - +
    +
      + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8395 +
      PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8384 +
      PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-8389 +
      PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8388 +
      PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8392 +
      PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
      + Link +
      • + +
    • + + CVE-2015-2327 +
      PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8383 +
      PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8381 +
      The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2016-1283 +
      The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2014-9769 +
      pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-2326 +
      + Link +
      • + +
    • + + CVE-2015-3210 +
      + Link +
      • + +
    • + + CVE-2015-2325 +
      + Link +
      • + +
    • + + CVE-2015-5073 +
      + Link +
      • + +
    • + + CVE-2015-3217 +
      + Link +
      • + +
    +
    • + +
  • +
    + glibc 2.19-18+deb8u1 - +
    +
      + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2016-2856 +
      pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5180 +
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2010-4756 +
      The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
      + Link +
      • + +
    • + + CVE-2010-4052 +
      Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
      + Link +
      • + +
    • + + CVE-2010-4051 +
      The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
      + Link +
      • + +
    • + + CVE-2016-1234 +
      + Link +
      • + +
    • + + CVE-2015-8776 +
      + Link +
      • + +
    • + + CVE-2015-8778 +
      + Link +
      • + +
    • + + CVE-2014-9761 +
      + Link +
      • + +
    • + + CVE-2016-3075 +
      + Link +
      • + +
    • + + CVE-2015-8779 +
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.20.2-3+deb8u1 - +
    +
      + +
    • + + CVE-2015-8607 +
      The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
      + Link +
      • + +
    • + + CVE-2011-4116 +
      + Link +
      • + +
    • + + CVE-2012-3878 +
      + Link +
      • + +
    • + + CVE-2016-2381 +
      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.9 4.9.2-10 - +
    +
      + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + apt 1.0.9.8.1 - +
    +
      + +
    • + + CVE-2011-3374 +
      + Link +
      • + +
    • + + CVE-2012-3587 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
      + Link +
      • + +
    • + + CVE-2012-0954 +
      APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.25.2-6 - +
    +
      + +
    • + + CVE-2015-5224 +
      + Link +
      • + +
    • + + CVE-2016-2779 +
      + Link +
      • + +
    • + + CVE-2015-5218 +
      Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-3.1 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.2-3 - +
    +
      + +
    • + + CVE-2013-4235 +
      + Link +
      • + +
    • + + CVE-2007-5686 +
      initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
      + Link +
      • + +
    +
    • + +
  • +
    + systemd 215-17+deb8u2 - +
    +
      + +
    • + + CVE-2013-4392 +
      systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
      + Link +
      • + +
    • + + CVE-2015-8842 +
      + Link +
      • + +
    +
    • + +
  • +
    + tar 1.27.1-2 - +
    +
      + +
    • + + CVE-2005-2541 +
      Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.4-1 - +
    +
      + +
    • + + CVE-2015-5186 +
      + Link +
      • + +
    +
    • + +
  • +
    + lvm2 2.02.111-2.2 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian13+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-2 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.18-7 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-8 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.20-4.1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-2 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4 - +
    +
      + +
    +
    • + +
  • +
    + libgcrypt20 1.6.3-2 - +
    +
      + +
    • + + CVE-2015-7511 +
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-1 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140913-1 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.56 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-59 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.3-1 - +
    +
      + +
    +
    • + +
  • +
    + readline6 6.3-8 - +
    +
      + +
    +
    • + +
  • +
    + procps 2:3.3.9-9 - +
    +
      + +
    +
    • + +
  • +
    + debian-archive-keyring 2014.3 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.3.0-2 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
  • +
    + cryptsetup 2:1.6.6-5 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-8 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-4 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.3-2 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-2 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-11 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-7 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.3 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-9 - +
    +
      + +
    +
    • + +
  • +
    + inetutils 2:1.9.2.39.3a460-3 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0+deb8u1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-9 - +
    +
      + +
    +
    • + +
  • +
    + kmod 18-3 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.37 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-25 - +
    +
      + +
    +
    • + +
  • +
    + coreutils 8.23-4 - +
    +
      + +
    • + + CVE-2016-2781 +
      + Link +
      • + +
    +
    • + +
  • +
    + dpkg 1.17.26 - +
    +
      + +
    +
    • + +
  • +
    + base-files 8+deb8u2 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.192 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.22 - +
    +
      + +
    +
    • + +
  • +
    + startpar 0.59-3 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.17-3 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.16.0-2 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.12-1.1 - +
    +
      + +
    +
    • + +
+
+
+ +
+
+
+
+
+ + + + + + \ No newline at end of file diff --git a/cmd/clairctl/reports/html/report-sample.html b/cmd/clairctl/reports/html/report-sample.html new file mode 100644 index 00000000..a16d0cc6 --- /dev/null +++ b/cmd/clairctl/reports/html/report-sample.html @@ -0,0 +1,2925 @@ + + + + Hyperclair report : jgsqware/ubuntu-git + + + + + + + +
+
+

Hyperclair report

+
+ +
+

Image: jgsqware/ubuntu-git

+ +
+
+ +

Total : 76

+

+ Critical : 1 + +

+

+ Medium : 17 + +

+

+ Low : 57 + +

+ Negligible : 1 +

+

+ +
+
+ +
+ + +
+
+
CVE-2015-7547
+
High
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8239
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8605
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8540
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8472
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-5277
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-7575
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-3191
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-2842
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-2037
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-7511
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2011-5325
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-7978
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-7977
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-2381
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8138
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-2781
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-5602
+
Medium
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-2583
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-5276
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-5044
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-0245
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-4330
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-0727
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8158
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-7973
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8140
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8139
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-7976
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-7979
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2013-7422
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-2148
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-2147
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-7974
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-9621
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-9620
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-9653
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-9645
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-2667
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2013-4235
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-0797
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2013-7041
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-0702
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-0705
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-0798
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-0799
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-9114
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2013-0157
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8393
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8387
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8391
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-3238
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8390
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8394
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-2328
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8385
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8380
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8386
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8382
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8778
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-9761
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-5180
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2013-2207
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8776
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8779
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-8625
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-2524
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2014-8121
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-1781
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-8777
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-1234
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-3075
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-1197
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-2774
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2016-2090
+
Low
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + + +
+
+
CVE-2015-5186
+
Negligible
+ + +
sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845
+
+ + +
+
+ +
+
+
+
+ +
+

sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845

+
+
+
    + +
  • +
    + eglibc 2.19-0ubuntu6.6 - +
    +
      + +
    • + + CVE-2015-7547 +
      Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
      + Link +
      • + +
    • + + CVE-2015-5277 +
      The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
      + Link +
      • + +
    • + + CVE-2015-8778 +
      hcreate((size_t)-1) should fail with ENOMEM
      + Link +
      • + +
    • + + CVE-2013-2207 +
      pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
      + Link +
      • + +
    • + + CVE-2015-8776 +
      Passing out of range data to strftime() causes a segfault
      + Link +
      • + +
    • + + CVE-2015-8779 +
      catopen() Multiple unbounded stack allocations
      + Link +
      • + +
    • + + CVE-2015-5180 +
      DNS resolver NULL pointer dereference with crafted record type
      + Link +
      • + +
    • + + CVE-2014-9761 +
      nan function unbounded stack allocation
      + Link +
      • + +
    • + + CVE-2014-8121 +
      DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset.
      + Link +
      • + +
    • + + CVE-2015-1781 +
      Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
      + Link +
      • + +
    • + + CVE-2015-8777 +
      The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
      + Link +
      • + +
    • + + CVE-2016-1234 +
      glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption
      + Link +
      • + +
    • + + CVE-2016-3075 +
      The getnetbyname implementation in nss_dns contains a potentially unbounded alloca call (in the form of a call to strdupa), leading to a stack overflow (stack exhaustion) and a crash if getnetbyname is invoked on a very long name.
      + Link +
      • + +
    +
    • + +
  • +
    + ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.6 - +
    +
      + +
    • + + CVE-2015-8138 +
      ntp: missing check for zero originate timestamp
      + Link +
      • + +
    • + + CVE-2015-7977 +
      reslist NULL pointer dereference
      + Link +
      • + +
    • + + CVE-2015-7978 +
      Stack exhaustion in recursive traversal of restriction list
      + Link +
      • + +
    • + + CVE-2016-0727 +
      NTP statsdir cleanup cronjob insecure
      + Link +
      • + +
    • + + CVE-2015-8139 +
      Origin Leak: ntpq and ntpdc, disclose origin
      + Link +
      • + +
    • + + CVE-2015-7976 +
      ntpq saveconfig command allows dangerous characters in filenames
      + Link +
      • + +
    • + + CVE-2015-7979 +
      Off-path Denial of Service (DoS) attack on authenticated broadcast mode
      + Link +
      • + +
    • + + CVE-2015-8158 +
      Potential Infinite Loop in ntpq
      + Link +
      • + +
    • + + CVE-2015-7973 +
      Deja Vu: Replay attack on authenticated broadcast mode
      + Link +
      • + +
    • + + CVE-2015-8140 +
      ntpq vulnerable to replay attacks
      + Link +
      • + +
    • + + CVE-2015-7974 +
      NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
      + Link +
      • + +
    +
    • + +
  • +
    + pcre3 1:8.31-2ubuntu2.1 - +
    +
      + +
    • + + CVE-2016-3191 +
      The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
      + Link +
      • + +
    • + + CVE-2015-8393 +
      pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
      + Link +
      • + +
    • + + CVE-2015-8387 +
      PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8391 +
      The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8390 +
      PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8394 +
      PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-2328 +
      PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8385 +
      PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8380 +
      The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8386 +
      PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
      + Link +
      • + +
    • + + CVE-2015-8382 +
      The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
      + Link +
      • + +
    +
    • + +
  • +
    + openssl 1.0.1f-1ubuntu2.16 - +
    +
      + +
    • + + CVE-2016-2842 +
      The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
      + Link +
      • + +
    • + + CVE-2016-0797 +
      Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
      + Link +
      • + +
    • + + CVE-2016-0702 +
      The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
      + Link +
      • + +
    • + + CVE-2016-0705 +
      Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
      + Link +
      • + +
    • + + CVE-2016-0798 +
      Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
      + Link +
      • + +
    • + + CVE-2016-0799 +
      The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
      + Link +
      • + +
    +
    • + +
  • +
    + busybox 1:1.21.0-1ubuntu1 - +
    +
      + +
    • + + CVE-2011-5325 +
      path traversal vulnerability in busybox tar
      + Link +
      • + +
    • + + CVE-2014-9645 +
      modprobe wrongly accepts paths as module names
      + Link +
      • + +
    • + + CVE-2016-2147 +
      OOB heap write due to integer underflow
      + Link +
      • + +
    • + + CVE-2016-2148 +
      heap overflow in OPTION_6RD parsing
      + Link +
      • + +
    +
    • + +
  • +
    + perl 5.18.2-2ubuntu1 - +
    +
      + +
    • + + CVE-2016-2381 +
      environment variable confusion
      + Link +
      • + +
    • + + CVE-2013-7422 +
      Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
      + Link +
      • + +
    • + + CVE-2014-4330 +
      The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
      + Link +
      • + +
    +
    • + +
  • +
    + file 1:5.14-2ubuntu3.3 - +
    +
      + +
    • + + CVE-2014-9621 +
      The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
      + Link +
      • + +
    • + + CVE-2014-9620 +
      The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
      + Link +
      • + +
    • + + CVE-2014-9653 +
      readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
      + Link +
      • + +
    +
    • + +
  • +
    + libpng 1.2.50-1ubuntu2.14.04.1 - +
    +
      + +
    • + + CVE-2015-8540 +
      underflow read in png_check_keyword in pngwutil.c
      + Link +
      • + +
    • + + CVE-2015-8472 +
      Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
      + Link +
      • + +
    +
    • + +
  • +
    + sudo 1.8.9p5-1ubuntu1.2 - +
    +
      + +
    • + + CVE-2015-8239 +
      race condition checking digests/checksums in sudoers
      + Link +
      • + +
    • + + CVE-2015-5602 +
      sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
      + Link +
      • + +
    +
    • + +
  • +
    + pam 1.1.8-1ubuntu2 - +
    +
      + +
    • + + CVE-2015-3238 +
      The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
      + Link +
      • + +
    • + + CVE-2013-7041 +
      The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
      + Link +
      • + +
    • + + CVE-2014-2583 +
      Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.
      + Link +
      • + +
    +
    • + +
  • +
    + isc-dhcp 4.2.4-7ubuntu12.3 - +
    +
      + +
    • + + CVE-2015-8605 +
      ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
      + Link +
      • + +
    • + + CVE-2016-2774 +
      ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
      + Link +
      • + +
    +
    • + +
  • +
    + cpio 2.11+dfsg-1ubuntu1.1 - +
    +
      + +
    • + + CVE-2016-2037 +
      The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
      + Link +
      • + +
    • + + CVE-2015-1197 +
      cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
      + Link +
      • + +
    +
    • + +
  • +
    + gcc-4.8 4.8.4-2ubuntu1~14.04 - +
    +
      + +
    • + + CVE-2014-5044 +
      Array memory allocations could cause an integer overflow and thus memory overflow issues at runtime.
      + Link +
      • + +
    • + + CVE-2015-5276 +
      The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
      + Link +
      • + +
    +
    • + +
  • +
    + util-linux 2.20.1-5.1ubuntu20.7 - +
    +
      + +
    • + + CVE-2014-9114 +
      blkid command injection
      + Link +
      • + +
    • + + CVE-2013-0157 +
      (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
      + Link +
      • + +
    +
    • + +
  • +
    + coreutils 8.21-1ubuntu5.3 - +
    +
      + +
    • + + CVE-2016-2781 +
      nonpriv session can escape to the parent session by using the TIOCSTI ioctl
      + Link +
      • + +
    +
    • + +
  • +
    + libgcrypt11 1.5.3-2ubuntu4.2 - +
    +
      + +
    • + + CVE-2015-7511 +
      ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs
      + Link +
      • + +
    +
    • + +
  • +
    + gnutls26 2.12.23-12ubuntu2.3 - +
    +
      + +
    • + + CVE-2015-7575 +
      Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
      + Link +
      • + +
    +
    • + +
  • +
    + python3.4 3.4.3-1ubuntu1~14.04.3 - +
    +
      + +
    • + + CVE-2014-2667 +
      Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
      + Link +
      • + +
    +
    • + +
  • +
    + dbus 1.6.18-0ubuntu4.3 - +
    +
      + +
    • + + CVE-2015-0245 +
      D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
      + Link +
      • + +
    +
    • + +
  • +
    + libbsd 0.6.0-2ubuntu1 - +
    +
      + +
    • + + CVE-2016-2090 +
      Heap buffer overflow in fgetwln function of libbsd
      + Link +
      • + +
    +
    • + +
  • +
    + shadow 1:4.1.5.1-1ubuntu9.1 - +
    +
      + +
    • + + CVE-2013-4235 +
      TOCTOU race conditions by copying and removing directory trees
      + Link +
      • + +
    +
    • + +
  • +
    + dpkg 1.17.5ubuntu5.5 - +
    +
      + +
    • + + CVE-2014-8625 +
      Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
      + Link +
      • + +
    +
    • + +
  • +
    + readline6 6.3-4ubuntu2 - +
    +
      + +
    • + + CVE-2014-2524 +
      The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
      + Link +
      • + +
    +
    • + +
  • +
    + audit 1:2.3.2-2ubuntu1 - +
    +
      + +
    • + + CVE-2015-5186 +
      log terminal emulator escape sequences handling
      + Link +
      • + +
    +
    • + +
  • +
    + ucf 3.0027+nmu1 - +
    +
      + +
    +
    • + +
  • +
    + lsb 4.1+Debian11ubuntu6 - +
    +
      + +
    +
    • + +
  • +
    + ncurses 5.9+20140118-1ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + libusb 2:0.1.12-23.3ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + mawk 1.3.3-17ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + gzip 1.6-3ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + ubuntu-keyring 2012.05.19 - +
    +
      + +
    +
    • + +
  • +
    + json-c 0.11-3ubuntu1.2 - +
    +
      + +
    +
    • + +
  • +
    + gccgo-4.9 4.9.1-0ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + e2fsprogs 1.42.9-3ubuntu1.3 - +
    +
      + +
    +
    • + +
  • +
    + libtext-wrapi18n-perl 0.06-7 - +
    +
      + +
    +
    • + +
  • +
    + bzip2 1.0.6-5 - +
    +
      + +
    +
    • + +
  • +
    + tzdata 2015g-0ubuntu0.14.04 - +
    +
      + +
    +
    • + +
  • +
    + procps 1:3.3.9-1ubuntu2.2 - +
    +
      + +
    +
    • + +
  • +
    + upstart 1.12.1-0ubuntu4.2 - +
    +
      + +
    +
    • + +
  • +
    + dh-python 1.20140128-1ubuntu8.2 - +
    +
      + +
    +
    • + +
  • +
    + db5.3 5.3.28-3ubuntu3 - +
    +
      + +
    +
    • + +
  • +
    + xz-utils 5.1.1alpha+20120614-2ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + kmod 15-0ubuntu6 - +
    +
      + +
    +
    • + +
  • +
    + vim 2:7.4.052-1ubuntu3 - +
    +
      + +
    +
    • + +
  • +
    + mime-support 3.54ubuntu1.1 - +
    +
      + +
    +
    • + +
  • +
    + systemd 204-5ubuntu20.15 - +
    +
      + +
    +
    • + +
  • +
    + libpod-latex-perl 0.61-1 - +
    +
      + +
    +
    • + +
  • +
    + libtasn1-6 3.4-3ubuntu0.3 - +
    +
      + +
    +
    • + +
  • +
    + libterm-ui-perl 0.42-1 - +
    +
      + +
    +
    • + +
  • +
    + sensible-utils 0.0.9 - +
    +
      + +
    +
    • + +
  • +
    + libmodule-pluggable-perl 5.1-1 - +
    +
      + +
    +
    • + +
  • +
    + hostname 3.15ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + init-system-helpers 1.14 - +
    +
      + +
    +
    • + +
  • +
    + netcat-openbsd 1.105-7ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + xkeyboard-config 2.10.1-1ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-charwidth-perl 0.04-7build3 - +
    +
      + +
    +
    • + +
  • +
    + bash 4.3-7ubuntu1.5 - +
    +
      + +
    +
    • + +
  • +
    + libcap2 1:2.24-0ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + netbase 5.2 - +
    +
      + +
    +
    • + +
  • +
    + popt 1.16-8ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + apt 1.0.1ubuntu2.10 - +
    +
      + +
    +
    • + +
  • +
    + mountall 2.53 - +
    +
      + +
    +
    • + +
  • +
    + ifupdown 0.7.47.2ubuntu4.1 - +
    +
      + +
    +
    • + +
  • +
    + sed 4.2.2-4ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + lvm2 2.02.98-6ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + less 458-2 - +
    +
      + +
    +
    • + +
  • +
    + libtext-iconv-perl 1.7-5build2 - +
    +
      + +
    +
    • + +
  • +
    + plymouth 0.8.8-0ubuntu17.1 - +
    +
      + +
    +
    • + +
  • +
    + libtext-soundex-perl 3.4-1build1 - +
    +
      + +
    +
    • + +
  • +
    + libnih 1.0.3-4ubuntu25 - +
    +
      + +
    +
    • + +
  • +
    + initramfs-tools 0.103ubuntu4.2 - +
    +
      + +
    +
    • + +
  • +
    + klibc 2.0.3-0ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + console-setup 1.70ubuntu8 - +
    +
      + +
    +
    • + +
  • +
    + dash 0.5.7-4ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + zlib 1:1.2.8.dfsg-1ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + libdrm 2.4.60-2~ubuntu14.04.1 - +
    +
      + +
    +
    • + +
  • +
    + gnupg 1.4.16-1ubuntu2.3 - +
    +
      + +
    +
    • + +
  • +
    + rsyslog 7.4.4-1ubuntu2.6 - +
    +
      + +
    +
    • + +
  • +
    + sqlite3 3.8.2-1ubuntu2.1 - +
    +
      + +
    +
    • + +
  • +
    + attr 1:2.4.47-1ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + liblog-message-simple-perl 0.10-1 - +
    +
      + +
    +
    • + +
  • +
    + ubuntu-meta 1.325 - +
    +
      + +
    +
    • + +
  • +
    + gdbm 1.8.3-12build1 - +
    +
      + +
    +
    • + +
  • +
    + ureadahead 0.100.0-16 - +
    +
      + +
    +
    • + +
  • +
    + insserv 1.14.0-5ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + libsemanage 2.2-1 - +
    +
      + +
    +
    • + +
  • +
    + libselinux 2.2.2-1ubuntu0.1 - +
    +
      + +
    +
    • + +
  • +
    + newt 0.52.15-2ubuntu5 - +
    +
      + +
    +
    • + +
  • +
    + libsepol 2.2-1ubuntu0.1 - +
    +
      + +
    +
    • + +
  • +
    + base-files 7.2ubuntu5.3 - +
    +
      + +
    +
    • + +
  • +
    + mpdecimal 2.4.0-6 - +
    +
      + +
    +
    • + +
  • +
    + iproute2 3.12.0-2ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + ustr 1.0.4-3ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + resolvconf 1.69ubuntu1.1 - +
    +
      + +
    +
    • + +
  • +
    + iputils 3:20121221-4ubuntu1.1 - +
    +
      + +
    +
    • + +
  • +
    + grep 2.16-1 - +
    +
      + +
    +
    • + +
  • +
    + fribidi 0.19.6-1 - +
    +
      + +
    +
    • + +
  • +
    + acl 2.2.52-1 - +
    +
      + +
    +
    • + +
  • +
    + python3-defaults 3.4.0-0ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + debconf 1.5.51ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + findutils 4.4.2-7 - +
    +
      + +
    +
    • + +
  • +
    + lockfile-progs 0.1.17 - +
    +
      + +
    +
    • + +
  • +
    + expat 2.1.0-4ubuntu1.1 - +
    +
      + +
    +
    • + +
  • +
    + tar 1.27.1-1 - +
    +
      + +
    +
    • + +
  • +
    + slang2 2.2.4-15ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + net-tools 1.60-25ubuntu2.1 - +
    +
      + +
    +
    • + +
  • +
    + logrotate 3.8.7-1ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + adduser 3.113+nmu3ubuntu3 - +
    +
      + +
    +
    • + +
  • +
    + cron 3.0pl1-124ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + base-passwd 3.5.33 - +
    +
      + +
    +
    • + +
  • +
    + kbd 1.15.5-1ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + p11-kit 0.20.2-2ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + cgmanager 0.24-0ubuntu7.5 - +
    +
      + +
    +
    • + +
  • +
    + liblockfile 1.09-6ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + libestr 0.1.9-0ubuntu2 - +
    +
      + +
    +
    • + +
  • +
    + eject 2.1.5+deb1+cvs20081104-13.1 - +
    +
      + +
    +
    • + +
  • +
    + sysvinit 2.88dsf-41ubuntu6.2 - +
    +
      + +
    +
    • + +
  • +
    + cdebconf 0.187ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + diffutils 1:3.3-1 - +
    +
      + +
    +
    • + +
  • +
    + libarchive-extract-perl 0.70-1 - +
    +
      + +
    +
    • + +
  • +
    + libffi 3.1~rc1+r3.0.13-12ubuntu0.1 - +
    +
      + +
    +
    • + +
  • +
    + langpack-locales 2.13+git20120306-12.1 - +
    +
      + +
    +
    • + +
  • +
    + makedev 2.3.1-93ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + libgpg-error 1.12-0.2ubuntu1 - +
    +
      + +
    +
    • + +
  • +
    + liblocale-gettext-perl 1.05-7build3 - +
    +
      + +
    +
    • + +
  • +
    + debianutils 4.4 - +
    +
      + +
    +
    • + +
+
+
+ +
+

sha256:9e0bc8a71bde464f710bc2b593a1fc21521517671e918687892303151331fa56

+
+
+
    + +
+
+
+ +
+

sha256:27aa681c95e5165caf287dcfe896532df4ae8b10e099500f2f8f71acf4002a89

+
+
+
    + +
+
+
+ +
+

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4

+
+
+
    + +
+
+
+ +
+
+
+
+
+ + + + + + \ No newline at end of file diff --git a/cmd/clairctl/reports/json/analysis-jgsqware-ubuntu-git-latest.json b/cmd/clairctl/reports/json/analysis-jgsqware-ubuntu-git-latest.json new file mode 100644 index 00000000..1497cb58 --- /dev/null +++ b/cmd/clairctl/reports/json/analysis-jgsqware-ubuntu-git-latest.json @@ -0,0 +1,1580 @@ +{ + "Registry": "registry:5000", + "ImageName": "jgsqware/ubuntu-git", + "Tag": "latest", + "Layers": [ + { + "Layer": { + "Name": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845", + "Namespace": "ubuntu:14.04", + "ParentName": "sha256:9e0bc8a71bde464f710bc2b593a1fc21521517671e918687892303151331fa56", + "IndexedByVersion": 2, + "Features": [ + { + "Name": "sudo", + "Namespace": "ubuntu:14.04", + "Version": "1.8.9p5-1ubuntu1.2", + "Vulnerabilities": [ + { + "Name": "CVE-2015-8239", + "Namespace": "ubuntu:14.04", + "Description": "race condition checking digests/checksums in sudoers", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8239", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-5602", + "Namespace": "ubuntu:14.04", + "Description": "sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by \"/home/*/*/file.txt.\"", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5602", + "Severity": "Medium" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtext-soundex-perl", + "Namespace": "ubuntu:14.04", + "Version": "3.4-1build1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "dash", + "Namespace": "ubuntu:14.04", + "Version": "0.5.7-4ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "eject", + "Namespace": "ubuntu:14.04", + "Version": "2.1.5+deb1+cvs20081104-13.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gcc-4.8", + "Namespace": "ubuntu:14.04", + "Version": "4.8.4-2ubuntu1~14.04", + "Vulnerabilities": [ + { + "Name": "CVE-2014-5044", + "Namespace": "ubuntu:14.04", + "Description": "Array memory allocations could cause an integer overflow and thus memory overflow issues at runtime.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5044", + "Severity": "Low" + }, + { + "Name": "CVE-2015-5276", + "Namespace": "ubuntu:14.04", + "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5276", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "lvm2", + "Namespace": "ubuntu:14.04", + "Version": "2.02.98-6ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "net-tools", + "Namespace": "ubuntu:14.04", + "Version": "1.60-25ubuntu2.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libsepol", + "Namespace": "ubuntu:14.04", + "Version": "2.2-1ubuntu0.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtext-charwidth-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.04-7build3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "cdebconf", + "Namespace": "ubuntu:14.04", + "Version": "0.187ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "vim", + "Namespace": "ubuntu:14.04", + "Version": "2:7.4.052-1ubuntu3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "attr", + "Namespace": "ubuntu:14.04", + "Version": "1:2.4.47-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gnutls26", + "Namespace": "ubuntu:14.04", + "Version": "2.12.23-12ubuntu2.3", + "Vulnerabilities": [ + { + "Name": "CVE-2015-7575", + "Namespace": "ubuntu:14.04", + "Description": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7575", + "Severity": "Medium", + "FixedBy": "2.12.23-12ubuntu2.4" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "python3.4", + "Namespace": "ubuntu:14.04", + "Version": "3.4.3-1ubuntu1~14.04.3", + "Vulnerabilities": [ + { + "Name": "CVE-2014-2667", + "Namespace": "ubuntu:14.04", + "Description": "Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-2667", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "logrotate", + "Namespace": "ubuntu:14.04", + "Version": "3.8.7-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "adduser", + "Namespace": "ubuntu:14.04", + "Version": "3.113+nmu3ubuntu3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "base-passwd", + "Namespace": "ubuntu:14.04", + "Version": "3.5.33", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "grep", + "Namespace": "ubuntu:14.04", + "Version": "2.16-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "dpkg", + "Namespace": "ubuntu:14.04", + "Version": "1.17.5ubuntu5.5", + "Vulnerabilities": [ + { + "Name": "CVE-2014-8625", + "Namespace": "ubuntu:14.04", + "Description": "Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8625", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ustr", + "Namespace": "ubuntu:14.04", + "Version": "1.0.4-3ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "db5.3", + "Namespace": "ubuntu:14.04", + "Version": "5.3.28-3ubuntu3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtext-iconv-perl", + "Namespace": "ubuntu:14.04", + "Version": "1.7-5build2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gccgo-4.9", + "Namespace": "ubuntu:14.04", + "Version": "4.9.1-0ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "xz-utils", + "Namespace": "ubuntu:14.04", + "Version": "5.1.1alpha+20120614-2ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "netcat-openbsd", + "Namespace": "ubuntu:14.04", + "Version": "1.105-7ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "coreutils", + "Namespace": "ubuntu:14.04", + "Version": "8.21-1ubuntu5.3", + "Vulnerabilities": [ + { + "Name": "CVE-2015-1865", + "Namespace": "ubuntu:14.04", + "Description": "\"time of check to time of use\" race condition fts.c", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1865", + "Severity": "Low" + }, + { + "Name": "CVE-2016-2781", + "Namespace": "ubuntu:14.04", + "Description": "nonpriv session can escape to the parent session by using the TIOCSTI ioctl", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781", + "Severity": "Medium" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "cpio", + "Namespace": "ubuntu:14.04", + "Version": "2.11+dfsg-1ubuntu1.1", + "Vulnerabilities": [ + { + "Name": "CVE-2016-2037", + "Namespace": "ubuntu:14.04", + "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2037", + "Severity": "Medium", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 4.3, + "Vectors": "AV:N/AC:M/Au:N/C:N/I:N" + } + } + }, + "FixedBy": "2.11+dfsg-1ubuntu1.2" + }, + { + "Name": "CVE-2015-1197", + "Namespace": "ubuntu:14.04", + "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1197", + "Severity": "Low", + "FixedBy": "2.11+dfsg-1ubuntu1.2" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "tar", + "Namespace": "ubuntu:14.04", + "Version": "1.27.1-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libffi", + "Namespace": "ubuntu:14.04", + "Version": "3.1~rc1+r3.0.13-12ubuntu0.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libgcrypt11", + "Namespace": "ubuntu:14.04", + "Version": "1.5.3-2ubuntu4.2", + "Vulnerabilities": [ + { + "Name": "CVE-2015-7511", + "Namespace": "ubuntu:14.04", + "Description": "ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7511", + "Severity": "Medium", + "FixedBy": "1.5.3-2ubuntu4.3" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "findutils", + "Namespace": "ubuntu:14.04", + "Version": "4.4.2-7", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gzip", + "Namespace": "ubuntu:14.04", + "Version": "1.6-3ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "klibc", + "Namespace": "ubuntu:14.04", + "Version": "2.0.3-0ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gnupg", + "Namespace": "ubuntu:14.04", + "Version": "1.4.16-1ubuntu2.3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "readline6", + "Namespace": "ubuntu:14.04", + "Version": "6.3-4ubuntu2", + "Vulnerabilities": [ + { + "Name": "CVE-2014-2524", + "Namespace": "ubuntu:14.04", + "Description": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-2524", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "lockfile-progs", + "Namespace": "ubuntu:14.04", + "Version": "0.1.17", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "fribidi", + "Namespace": "ubuntu:14.04", + "Version": "0.19.6-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "json-c", + "Namespace": "ubuntu:14.04", + "Version": "0.11-3ubuntu1.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "sysvinit", + "Namespace": "ubuntu:14.04", + "Version": "2.88dsf-41ubuntu6.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "base-files", + "Namespace": "ubuntu:14.04", + "Version": "7.2ubuntu5.3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ifupdown", + "Namespace": "ubuntu:14.04", + "Version": "0.7.47.2ubuntu4.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "resolvconf", + "Namespace": "ubuntu:14.04", + "Version": "1.69ubuntu1.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "bash", + "Namespace": "ubuntu:14.04", + "Version": "4.3-7ubuntu1.5", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "console-setup", + "Namespace": "ubuntu:14.04", + "Version": "1.70ubuntu8", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "pcre3", + "Namespace": "ubuntu:14.04", + "Version": "1:8.31-2ubuntu2.1", + "Vulnerabilities": [ + { + "Name": "CVE-2015-2328", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-2328", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2016-3191", + "Namespace": "ubuntu:14.04", + "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3191", + "Severity": "Medium", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8394", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8394", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8391", + "Namespace": "ubuntu:14.04", + "Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8391", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 9, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8390", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8390", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8382", + "Namespace": "ubuntu:14.04", + "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8382", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 6.4, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:N" + } + } + } + }, + { + "Name": "CVE-2015-8387", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8387", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8393", + "Namespace": "ubuntu:14.04", + "Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8393", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:N" + } + } + } + }, + { + "Name": "CVE-2015-8386", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8386", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8380", + "Namespace": "ubuntu:14.04", + "Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8380", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + }, + { + "Name": "CVE-2015-8385", + "Namespace": "ubuntu:14.04", + "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8385", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.5, + "Vectors": "AV:N/AC:L/Au:N/C:P/I:P" + } + } + } + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libsemanage", + "Namespace": "ubuntu:14.04", + "Version": "2.2-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "gdbm", + "Namespace": "ubuntu:14.04", + "Version": "1.8.3-12build1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "xkeyboard-config", + "Namespace": "ubuntu:14.04", + "Version": "2.10.1-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ncurses", + "Namespace": "ubuntu:14.04", + "Version": "5.9+20140118-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "python3-defaults", + "Namespace": "ubuntu:14.04", + "Version": "3.4.0-0ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libarchive-extract-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.70-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "iproute2", + "Namespace": "ubuntu:14.04", + "Version": "3.12.0-2ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "liblocale-gettext-perl", + "Namespace": "ubuntu:14.04", + "Version": "1.05-7build3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "mawk", + "Namespace": "ubuntu:14.04", + "Version": "1.3.3-17ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "expat", + "Namespace": "ubuntu:14.04", + "Version": "2.1.0-4ubuntu1.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libcap2", + "Namespace": "ubuntu:14.04", + "Version": "1:2.24-0ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "initramfs-tools", + "Namespace": "ubuntu:14.04", + "Version": "0.103ubuntu4.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libestr", + "Namespace": "ubuntu:14.04", + "Version": "0.1.9-0ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtext-wrapi18n-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.06-7", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "debianutils", + "Namespace": "ubuntu:14.04", + "Version": "4.4", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "insserv", + "Namespace": "ubuntu:14.04", + "Version": "1.14.0-5ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "slang2", + "Namespace": "ubuntu:14.04", + "Version": "2.2.4-15ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "systemd", + "Namespace": "ubuntu:14.04", + "Version": "204-5ubuntu20.15", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "upstart", + "Namespace": "ubuntu:14.04", + "Version": "1.12.1-0ubuntu4.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "kbd", + "Namespace": "ubuntu:14.04", + "Version": "1.15.5-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "busybox", + "Namespace": "ubuntu:14.04", + "Version": "1:1.21.0-1ubuntu1", + "Vulnerabilities": [ + { + "Name": "CVE-2014-9645", + "Namespace": "ubuntu:14.04", + "Description": "modprobe wrongly accepts paths as module names", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9645", + "Severity": "Low" + }, + { + "Name": "CVE-2011-5325", + "Namespace": "ubuntu:14.04", + "Description": "path traversal vulnerability in busybox tar", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2011-5325", + "Severity": "Medium" + }, + { + "Name": "CVE-2016-2147", + "Namespace": "ubuntu:14.04", + "Description": "OOB heap write due to integer underflow", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2147", + "Severity": "Low" + }, + { + "Name": "CVE-2016-2148", + "Namespace": "ubuntu:14.04", + "Description": "heap overflow in OPTION_6RD parsing", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2148", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "eglibc", + "Namespace": "ubuntu:14.04", + "Version": "2.19-0ubuntu6.6", + "Vulnerabilities": [ + { + "Name": "CVE-2015-8778", + "Namespace": "ubuntu:14.04", + "Description": "hcreate((size_t)-1) should fail with ENOMEM", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8778", + "Severity": "Low" + }, + { + "Name": "CVE-2014-9761", + "Namespace": "ubuntu:14.04", + "Description": "nan function unbounded stack allocation", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9761", + "Severity": "Low" + }, + { + "Name": "CVE-2015-5180", + "Namespace": "ubuntu:14.04", + "Description": "DNS resolver NULL pointer dereference with crafted record type", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5180", + "Severity": "Low" + }, + { + "Name": "CVE-2013-2207", + "Namespace": "ubuntu:14.04", + "Description": "pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2207", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8776", + "Namespace": "ubuntu:14.04", + "Description": "Passing out of range data to strftime() causes a segfault", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8776", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8779", + "Namespace": "ubuntu:14.04", + "Description": "catopen() Multiple unbounded stack allocations", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8779", + "Severity": "Low" + }, + { + "Name": "CVE-2015-5277", + "Namespace": "ubuntu:14.04", + "Description": "The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5277", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-7547", + "Namespace": "ubuntu:14.04", + "Description": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7547", + "Severity": "High", + "FixedBy": "2.19-0ubuntu6.7" + }, + { + "Name": "CVE-2014-8121", + "Namespace": "ubuntu:14.04", + "Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8121", + "Severity": "Low" + }, + { + "Name": "CVE-2015-1781", + "Namespace": "ubuntu:14.04", + "Description": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1781", + "Severity": "Low" + }, + { + "Name": "CVE-2016-1234", + "Namespace": "ubuntu:14.04", + "Description": "glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1234", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-8777", + "Namespace": "ubuntu:14.04", + "Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8777", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "hostname", + "Namespace": "ubuntu:14.04", + "Version": "3.15ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "bzip2", + "Namespace": "ubuntu:14.04", + "Version": "1.0.6-5", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libnih", + "Namespace": "ubuntu:14.04", + "Version": "1.0.3-4ubuntu25", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "mpdecimal", + "Namespace": "ubuntu:14.04", + "Version": "2.4.0-6", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "openssl", + "Namespace": "ubuntu:14.04", + "Version": "1.0.1f-1ubuntu2.16", + "Vulnerabilities": [ + { + "Name": "CVE-2016-0797", + "Namespace": "ubuntu:14.04", + "Description": "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0797", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 5, + "Vectors": "AV:N/AC:L/Au:N/C:N/I:N" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-2842", + "Namespace": "ubuntu:14.04", + "Description": "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2842", + "Severity": "Medium", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 10, + "Vectors": "AV:N/AC:L/Au:N/C:C/I:C" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-0702", + "Namespace": "ubuntu:14.04", + "Description": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0702", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 1.9, + "Vectors": "AV:L/AC:M/Au:N/C:P/I:N" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-0705", + "Namespace": "ubuntu:14.04", + "Description": "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0705", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 10, + "Vectors": "AV:N/AC:L/Au:N/C:C/I:C" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-0798", + "Namespace": "ubuntu:14.04", + "Description": "Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0798", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.8, + "Vectors": "AV:N/AC:L/Au:N/C:N/I:N" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + }, + { + "Name": "CVE-2016-0799", + "Namespace": "ubuntu:14.04", + "Description": "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0799", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 10, + "Vectors": "AV:N/AC:L/Au:N/C:C/I:C" + } + } + }, + "FixedBy": "1.0.1f-1ubuntu2.18" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "diffutils", + "Namespace": "ubuntu:14.04", + "Version": "1:3.3-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "apt", + "Namespace": "ubuntu:14.04", + "Version": "1.0.1ubuntu2.10", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "debconf", + "Namespace": "ubuntu:14.04", + "Version": "1.5.51ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ubuntu-meta", + "Namespace": "ubuntu:14.04", + "Version": "1.325", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "rsyslog", + "Namespace": "ubuntu:14.04", + "Version": "7.4.4-1ubuntu2.6", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "dh-python", + "Namespace": "ubuntu:14.04", + "Version": "1.20140128-1ubuntu8.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libpng", + "Namespace": "ubuntu:14.04", + "Version": "1.2.50-1ubuntu2.14.04.1", + "Vulnerabilities": [ + { + "Name": "CVE-2015-8540", + "Namespace": "ubuntu:14.04", + "Description": "underflow read in png_check_keyword in pngwutil.c", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8540", + "Severity": "Medium", + "FixedBy": "1.2.50-1ubuntu2.14.04.2" + }, + { + "Name": "CVE-2015-8472", + "Namespace": "ubuntu:14.04", + "Description": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8472", + "Severity": "Medium", + "FixedBy": "1.2.50-1ubuntu2.14.04.2" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libmodule-pluggable-perl", + "Namespace": "ubuntu:14.04", + "Version": "5.1-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "mountall", + "Namespace": "ubuntu:14.04", + "Version": "2.53", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "cron", + "Namespace": "ubuntu:14.04", + "Version": "3.0pl1-124ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "acl", + "Namespace": "ubuntu:14.04", + "Version": "2.2.52-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libdrm", + "Namespace": "ubuntu:14.04", + "Version": "2.4.60-2~ubuntu14.04.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "util-linux", + "Namespace": "ubuntu:14.04", + "Version": "2.20.1-5.1ubuntu20.7", + "Vulnerabilities": [ + { + "Name": "CVE-2014-9114", + "Namespace": "ubuntu:14.04", + "Description": "blkid command injection", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9114", + "Severity": "Low" + }, + { + "Name": "CVE-2013-0157", + "Namespace": "ubuntu:14.04", + "Description": "(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-0157", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "tzdata", + "Namespace": "ubuntu:14.04", + "Version": "2015g-0ubuntu0.14.04", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "less", + "Namespace": "ubuntu:14.04", + "Version": "458-2", + "Vulnerabilities": [ + { + "Name": "CVE-2014-9488", + "Namespace": "ubuntu:14.04", + "Description": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9488", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "popt", + "Namespace": "ubuntu:14.04", + "Version": "1.16-8ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "init-system-helpers", + "Namespace": "ubuntu:14.04", + "Version": "1.14", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "mime-support", + "Namespace": "ubuntu:14.04", + "Version": "3.54ubuntu1.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "p11-kit", + "Namespace": "ubuntu:14.04", + "Version": "0.20.2-2ubuntu2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "cgmanager", + "Namespace": "ubuntu:14.04", + "Version": "0.24-0ubuntu7.5", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libselinux", + "Namespace": "ubuntu:14.04", + "Version": "2.2.2-1ubuntu0.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "langpack-locales", + "Namespace": "ubuntu:14.04", + "Version": "2.13+git20120306-12.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "procps", + "Namespace": "ubuntu:14.04", + "Version": "1:3.3.9-1ubuntu2.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ureadahead", + "Namespace": "ubuntu:14.04", + "Version": "0.100.0-16", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "file", + "Namespace": "ubuntu:14.04", + "Version": "1:5.14-2ubuntu3.3", + "Vulnerabilities": [ + { + "Name": "CVE-2014-9621", + "Namespace": "ubuntu:14.04", + "Description": "The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9621", + "Severity": "Low" + }, + { + "Name": "CVE-2014-9620", + "Namespace": "ubuntu:14.04", + "Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9620", + "Severity": "Low" + }, + { + "Name": "CVE-2014-9653", + "Namespace": "ubuntu:14.04", + "Description": "readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9653", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "dbus", + "Namespace": "ubuntu:14.04", + "Version": "1.6.18-0ubuntu4.3", + "Vulnerabilities": [ + { + "Name": "CVE-2015-0245", + "Namespace": "ubuntu:14.04", + "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-0245", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "zlib", + "Namespace": "ubuntu:14.04", + "Version": "1:1.2.8.dfsg-1ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "netbase", + "Namespace": "ubuntu:14.04", + "Version": "5.2", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libtasn1-6", + "Namespace": "ubuntu:14.04", + "Version": "3.4-3ubuntu0.3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "sed", + "Namespace": "ubuntu:14.04", + "Version": "4.2.2-4ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "e2fsprogs", + "Namespace": "ubuntu:14.04", + "Version": "1.42.9-3ubuntu1.3", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "sensible-utils", + "Namespace": "ubuntu:14.04", + "Version": "0.0.9", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libusb", + "Namespace": "ubuntu:14.04", + "Version": "2:0.1.12-23.3ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "shadow", + "Namespace": "ubuntu:14.04", + "Version": "1:4.1.5.1-1ubuntu9.1", + "Vulnerabilities": [ + { + "Name": "CVE-2013-4235", + "Namespace": "ubuntu:14.04", + "Description": "TOCTOU race conditions by copying and removing directory trees", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "kmod", + "Namespace": "ubuntu:14.04", + "Version": "15-0ubuntu6", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ucf", + "Namespace": "ubuntu:14.04", + "Version": "3.0027+nmu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libpod-latex-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.61-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ubuntu-keyring", + "Namespace": "ubuntu:14.04", + "Version": "2012.05.19", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "perl", + "Namespace": "ubuntu:14.04", + "Version": "5.18.2-2ubuntu1", + "Vulnerabilities": [ + { + "Name": "CVE-2016-2381", + "Namespace": "ubuntu:14.04", + "Description": "environment variable confusion", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2381", + "Severity": "Medium", + "FixedBy": "5.18.2-2ubuntu1.1" + }, + { + "Name": "CVE-2013-7422", + "Namespace": "ubuntu:14.04", + "Description": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-7422", + "Severity": "Low", + "FixedBy": "5.18.2-2ubuntu1.1" + }, + { + "Name": "CVE-2014-4330", + "Namespace": "ubuntu:14.04", + "Description": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4330", + "Severity": "Low", + "FixedBy": "5.18.2-2ubuntu1.1" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "lsb", + "Namespace": "ubuntu:14.04", + "Version": "4.1+Debian11ubuntu6", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "makedev", + "Namespace": "ubuntu:14.04", + "Version": "2.3.1-93ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libterm-ui-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.42-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "isc-dhcp", + "Namespace": "ubuntu:14.04", + "Version": "4.2.4-7ubuntu12.3", + "Vulnerabilities": [ + { + "Name": "CVE-2015-8605", + "Namespace": "ubuntu:14.04", + "Description": "ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8605", + "Severity": "Medium", + "FixedBy": "4.2.4-7ubuntu12.4" + }, + { + "Name": "CVE-2016-2774", + "Namespace": "ubuntu:14.04", + "Description": "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2774", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 7.1, + "Vectors": "AV:N/AC:M/Au:N/C:N/I:N" + } + } + } + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "liblog-message-simple-perl", + "Namespace": "ubuntu:14.04", + "Version": "0.10-1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "plymouth", + "Namespace": "ubuntu:14.04", + "Version": "0.8.8-0ubuntu17.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "audit", + "Namespace": "ubuntu:14.04", + "Version": "1:2.3.2-2ubuntu1", + "Vulnerabilities": [ + { + "Name": "CVE-2015-5186", + "Namespace": "ubuntu:14.04", + "Description": "log terminal emulator escape sequences handling", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5186", + "Severity": "Negligible" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libbsd", + "Namespace": "ubuntu:14.04", + "Version": "0.6.0-2ubuntu1", + "Vulnerabilities": [ + { + "Name": "CVE-2016-2090", + "Namespace": "ubuntu:14.04", + "Description": "Heap buffer overflow in fgetwln function of libbsd", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2090", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "iputils", + "Namespace": "ubuntu:14.04", + "Version": "3:20121221-4ubuntu1.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "libgpg-error", + "Namespace": "ubuntu:14.04", + "Version": "1.12-0.2ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "pam", + "Namespace": "ubuntu:14.04", + "Version": "1.1.8-1ubuntu2", + "Vulnerabilities": [ + { + "Name": "CVE-2015-3238", + "Namespace": "ubuntu:14.04", + "Description": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-3238", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 5.8, + "Vectors": "AV:N/AC:M/Au:N/C:P/I:N" + } + } + }, + "FixedBy": "1.1.8-1ubuntu2.1" + }, + { + "Name": "CVE-2013-7041", + "Namespace": "ubuntu:14.04", + "Description": "The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-7041", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 4.3, + "Vectors": "AV:N/AC:M/Au:N/C:P/I:N" + } + } + }, + "FixedBy": "1.1.8-1ubuntu2.1" + }, + { + "Name": "CVE-2014-2583", + "Namespace": "ubuntu:14.04", + "Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-2583", + "Severity": "Low", + "Metadata": { + "NVD": { + "CVSSv2": { + "Score": 5.8, + "Vectors": "AV:N/AC:M/Au:N/C:P/I:P" + } + } + }, + "FixedBy": "1.1.8-1ubuntu2.1" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "liblockfile", + "Namespace": "ubuntu:14.04", + "Version": "1.09-6ubuntu1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "ntp", + "Namespace": "ubuntu:14.04", + "Version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.6", + "Vulnerabilities": [ + { + "Name": "CVE-2016-0727", + "Namespace": "ubuntu:14.04", + "Description": "NTP statsdir cleanup cronjob insecure", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0727", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8158", + "Namespace": "ubuntu:14.04", + "Description": "Potential Infinite Loop in ntpq", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8158", + "Severity": "Low" + }, + { + "Name": "CVE-2015-7973", + "Namespace": "ubuntu:14.04", + "Description": "Deja Vu: Replay attack on authenticated broadcast mode", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7973", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8140", + "Namespace": "ubuntu:14.04", + "Description": "ntpq vulnerable to replay attacks", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8140", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8139", + "Namespace": "ubuntu:14.04", + "Description": "Origin Leak: ntpq and ntpdc, disclose origin", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8139", + "Severity": "Low" + }, + { + "Name": "CVE-2015-7976", + "Namespace": "ubuntu:14.04", + "Description": "ntpq saveconfig command allows dangerous characters in filenames", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7976", + "Severity": "Low" + }, + { + "Name": "CVE-2015-7979", + "Namespace": "ubuntu:14.04", + "Description": "Off-path Denial of Service (DoS) attack on authenticated broadcast mode", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7979", + "Severity": "Low" + }, + { + "Name": "CVE-2015-8138", + "Namespace": "ubuntu:14.04", + "Description": "ntp: missing check for zero originate timestamp", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8138", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-7977", + "Namespace": "ubuntu:14.04", + "Description": "reslist NULL pointer dereference", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7977", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-7978", + "Namespace": "ubuntu:14.04", + "Description": "Stack exhaustion in recursive traversal of restriction list", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7978", + "Severity": "Medium" + }, + { + "Name": "CVE-2015-7974", + "Namespace": "ubuntu:14.04", + "Description": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", + "Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7974", + "Severity": "Low" + } + ], + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "newt", + "Namespace": "ubuntu:14.04", + "Version": "0.52.15-2ubuntu5", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + }, + { + "Name": "sqlite3", + "Namespace": "ubuntu:14.04", + "Version": "3.8.2-1ubuntu2.1", + "AddedBy": "sha256:d89e1bee20d9cb344674e213b581f14fbd8e70274ecf9d10c514bab78a307845" + } + ] + } + }, + { + "Layer": { + "Name": "sha256:9e0bc8a71bde464f710bc2b593a1fc21521517671e918687892303151331fa56", + "Namespace": "ubuntu:14.04", + "ParentName": "sha256:27aa681c95e5165caf287dcfe896532df4ae8b10e099500f2f8f71acf4002a89", + "IndexedByVersion": 2 + } + }, + { + "Layer": { + "Name": "sha256:27aa681c95e5165caf287dcfe896532df4ae8b10e099500f2f8f71acf4002a89", + "Namespace": "ubuntu:14.04", + "ParentName": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "IndexedByVersion": 2 + } + }, + { + "Layer": { + "Name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "IndexedByVersion": 2 + } + } + ] +} \ No newline at end of file diff --git a/cmd/clairctl/server/reverseProxy/reverseProxy.go b/cmd/clairctl/server/reverseProxy/reverseProxy.go new file mode 100644 index 00000000..61e989c6 --- /dev/null +++ b/cmd/clairctl/server/reverseProxy/reverseProxy.go @@ -0,0 +1,245 @@ +package reverseProxy + +// Modified version of the original golang HTTP reverse proxy handler +// And Vars in Gorilla/mux +// Added support for Filter functions + +// Copyright 2011 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +import ( + "io" + "log" + "net" + "net/http" + "net/url" + "strings" + "sync" + "time" + + "github.com/Sirupsen/logrus" + "github.com/gorilla/context" + "github.com/gorilla/mux" + "github.com/coreos/clair/cmd/clairctl/database" + "github.com/coreos/clair/cmd/clairctl/docker" + "github.com/coreos/clair/cmd/clairctl/docker/httpclient" + "github.com/wunderlist/moxy" +) + +// FilterFunc is a function that is called to process a proxy response +// Since it has handle to the response object, it can manipulate the content +type FilterFunc func(*http.Request, *http.Response) + +// onExitFlushLoop is a callback set by tests to detect the state of the +// flushLoop() goroutine. +var onExitFlushLoop func() + +// ReverseProxy is an HTTP Handler that takes an incoming request and +// sends it to another server, proxying the response back to the +// client. +type ReverseProxy struct { + // Director must be a function which modifies + // the request into a new request to be sent + // using Transport. Its response is then copied + // back to the original client unmodified. + Director func(*http.Request) + + // Filters must be an array of functions which modify + // the response before the body is written + Filters []FilterFunc + + // The transport used to perform proxy requests. + // If nil, http.DefaultTransport is used. + Transport http.RoundTripper + + // FlushInterval specifies the flush interval + // to flush to the client while copying the + // response body. + // If zero, no periodic flushing is done. + FlushInterval time.Duration + + // ErrorLog specifies an optional logger for errors + // that occur when attempting to proxy the request. + // If nil, logging goes to os.Stderr via the log package's + // standard logger. + ErrorLog *log.Logger +} + +func copyHeader(dst, src http.Header) { + for k, vv := range src { + for _, v := range vv { + dst.Add(k, v) + } + } +} + +// Hop-by-hop headers. These are removed when sent to the backend. +// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html +var hopHeaders = []string{ + "Connection", + "Keep-Alive", + "Proxy-Authenticate", + "Proxy-Authorization", + "Te", // canonicalized version of "TE" + "Trailers", + "Transfer-Encoding", + "Upgrade", +} + +func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) { + + transport := p.Transport + if transport == nil { + transport = http.DefaultTransport + } + + outreq := new(http.Request) + *outreq = *req // includes shallow copies of maps, but okay + + context.Set(outreq, "in_req", req) + p.Director(outreq) + outreq.Proto = "HTTP/1.1" + outreq.ProtoMajor = 1 + outreq.ProtoMinor = 1 + outreq.Close = false + // Remove hop-by-hop headers to the backend. Especially + // important is "Connection" because we want a persistent + // connection, regardless of what the client sent to us. This + // is modifying the same underlying map from req (shallow + // copied above) so we only copy it if necessary. + copiedHeaders := false + for _, h := range hopHeaders { + if outreq.Header.Get(h) != "" { + if !copiedHeaders { + outreq.Header = make(http.Header) + copyHeader(outreq.Header, req.Header) + copiedHeaders = true + } + outreq.Header.Del(h) + } + } + + if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil { + // If we aren't the first proxy retain prior + // X-Forwarded-For information as a comma+space + // separated list and fold multiple headers into one. + if prior, ok := outreq.Header["X-Forwarded-For"]; ok { + clientIP = strings.Join(prior, ", ") + ", " + clientIP + } + outreq.Header.Set("X-Forwarded-For", clientIP) + } + + res, err := transport.RoundTrip(outreq) + if err != nil { + logrus.Errorf("http: proxy error: %v", err) + rw.WriteHeader(http.StatusInternalServerError) + return + } + defer res.Body.Close() + + for _, filterFn := range p.Filters { + filterFn(req, res) + } + + for _, h := range hopHeaders { + res.Header.Del(h) + } + + copyHeader(rw.Header(), res.Header) + + rw.WriteHeader(res.StatusCode) + p.copyResponse(rw, res.Body) +} + +func (p *ReverseProxy) copyResponse(dst io.Writer, src io.Reader) { + if p.FlushInterval != 0 { + if wf, ok := dst.(writeFlusher); ok { + mlw := &maxLatencyWriter{ + dst: wf, + latency: p.FlushInterval, + done: make(chan bool), + } + go mlw.flushLoop() + defer mlw.stop() + dst = mlw + } + } + + io.Copy(dst, src) +} + +type writeFlusher interface { + io.Writer + http.Flusher +} + +type maxLatencyWriter struct { + dst writeFlusher + latency time.Duration + + lk sync.Mutex // protects Write + Flush + done chan bool +} + +func (m *maxLatencyWriter) Write(p []byte) (int, error) { + m.lk.Lock() + defer m.lk.Unlock() + return m.dst.Write(p) +} + +func (m *maxLatencyWriter) flushLoop() { + t := time.NewTicker(m.latency) + defer t.Stop() + for { + select { + case <-m.done: + if onExitFlushLoop != nil { + onExitFlushLoop() + } + return + case <-t.C: + m.lk.Lock() + m.dst.Flush() + m.lk.Unlock() + } + } +} + +func (m *maxLatencyWriter) stop() { m.done <- true } + +// NewReverseProxy returns a new ReverseProxy that load-balances the proxy requests between multiple hosts defined by the RegistryMapping in the database +// It also allows to define a chain of filter functions to process the outgoing response(s) +func NewReverseProxy(filters []FilterFunc) *ReverseProxy { + director := func(request *http.Request) { + + inr := context.Get(request, "in_req").(*http.Request) + host, _ := database.GetRegistryMapping(mux.Vars(inr)["digest"]) + out, _ := url.Parse(host) + request.URL.Scheme = out.Scheme + request.URL.Host = out.Host + client := httpclient.Get() + req, _ := http.NewRequest("HEAD", request.URL.String(), nil) + resp, err := client.Do(req) + if err != nil { + logrus.Errorf("response error: %v", err) + return + } + + if resp.StatusCode == http.StatusUnauthorized { + logrus.Info("pull from clair is unauthorized") + docker.AuthenticateResponse(resp, request) + } + + r, _ := http.NewRequest("GET", request.URL.String(), nil) + r.Header.Set("Authorization", request.Header.Get("Authorization")) + r.Header.Set("Accept-Encoding", request.Header.Get("Accept-Encoding")) + *request = *r + } + + return &ReverseProxy{ + Transport: moxy.NewTransport(), + Director: director, + Filters: filters, + } +} diff --git a/cmd/clairctl/server/server.go b/cmd/clairctl/server/server.go new file mode 100644 index 00000000..05d9cc03 --- /dev/null +++ b/cmd/clairctl/server/server.go @@ -0,0 +1,69 @@ +package server + +import ( + "net" + "net/http" + "os" + "strings" + "time" + + "github.com/Sirupsen/logrus" + "github.com/coreos/clair/cmd/clairctl/docker" + "github.com/coreos/clair/cmd/clairctl/server/reverseProxy" + "github.com/gorilla/mux" + "github.com/spf13/viper" +) + +type handler func(rw http.ResponseWriter, req *http.Request) error + +var router *mux.Router + +//Serve run a local server with the fileserver and the reverse proxy +func Serve(sURL string) error { + + go func() { + restrictedFileServer := func(path string) http.Handler { + if _, err := os.Stat(path); os.IsNotExist(err) { + os.Mkdir(path, 0777) + } + + fc := func(w http.ResponseWriter, r *http.Request) { + http.FileServer(http.Dir(path)).ServeHTTP(w, r) + } + return http.HandlerFunc(fc) + } + + router.PathPrefix("/v2/local").Handler(http.StripPrefix("/v2/local", restrictedFileServer(docker.TmpLocal()))).Methods("GET") + listener, err := net.Listen("tcp", sURL) + if err != nil { + logrus.Fatalf("cannot instanciate listener: %v", err) + } + + if viper.GetInt("hyperclair.port") == 0 { + port := strings.Split(listener.Addr().String(), ":")[1] + logrus.Debugf("Update local server port from %q to %q", "0", port) + viper.Set("hyperclair.port", port) + } + logrus.Info("Starting Server on ", listener.Addr()) + + if err := http.Serve(listener, nil); err != nil { + logrus.Fatalf("local server error: %v", err) + } + }() + //sleep needed to wait the server start. Maybe use a channel for that + time.Sleep(5 * time.Millisecond) + return nil +} + +func reverseRegistryHandler() http.HandlerFunc { + filters := []reverseProxy.FilterFunc{} + proxy := reverseProxy.NewReverseProxy(filters) + return proxy.ServeHTTP +} + +func init() { + + router = mux.NewRouter() + router.PathPrefix("/v2").Path("/{repository}/{name}/blobs/{digest}").HandlerFunc(reverseRegistryHandler()) + http.Handle("/", router) +} diff --git a/cmd/clairctl/test/test.go b/cmd/clairctl/test/test.go new file mode 100644 index 00000000..13eb8c20 --- /dev/null +++ b/cmd/clairctl/test/test.go @@ -0,0 +1,36 @@ +package test + +import ( + "io/ioutil" + "log" + "os" +) + +func CreateTmpConfigFile(content string) string { + + c := []byte(content) + tmpfile, err := ioutil.TempFile("", "test-hyperclair") + if err != nil { + log.Fatal(err) + } + if content != "" { + if _, err := tmpfile.Write(c); err != nil { + log.Fatal(err) + } + if err := tmpfile.Close(); err != nil { + log.Fatal(err) + } + } else { + if err := os.Remove(tmpfile.Name()); err != nil { + log.Fatal(err) + } + } + return tmpfile.Name() +} + +func CreateConfigFile(content string, name string, path string) string { + if err := ioutil.WriteFile(path+"/"+name, []byte(content), 0600); err != nil { + log.Fatal(err) + } + return path + "/" + name +} diff --git a/cmd/clairctl/xerrors/xerrors.go b/cmd/clairctl/xerrors/xerrors.go new file mode 100644 index 00000000..33c99328 --- /dev/null +++ b/cmd/clairctl/xerrors/xerrors.go @@ -0,0 +1,11 @@ +package xerrors + +import "errors" + +var ( + ServiceUnavailable = errors.New("service is unavailable") + Unauthorized = errors.New("unauthorized access") + NotFound = errors.New("image not found") + InternalError = errors.New("client quit unexpectedly") + ErrDisallowed = errors.New("analysing official images is not allowed") +) diff --git a/cmd/clairctl/xstrings/xstrings.go b/cmd/clairctl/xstrings/xstrings.go new file mode 100644 index 00000000..49aa29dc --- /dev/null +++ b/cmd/clairctl/xstrings/xstrings.go @@ -0,0 +1,29 @@ +package xstrings + +import ( + "encoding/json" + "strings" +) + +//Substr extract string of length in s starting at pos +func Substr(s string, pos, length int) string { + runes := []rune(s) + l := pos + length + if l > len(runes) { + l = len(runes) + } + return string(runes[pos:l]) +} + +//TrimPrefixSuffix combine TrimPrefix and TrimSuffix +func TrimPrefixSuffix(s string, prefix string, suffix string) string { + return strings.TrimSuffix(strings.TrimPrefix(s, prefix), suffix) +} + +func ToIndentJSON(v interface{}) ([]byte, error) { + b, err := json.MarshalIndent(v, "", "\t") + if err != nil { + return nil, err + } + return b, nil +} diff --git a/cmd/clairctl/xstrings/xstrings_test.go b/cmd/clairctl/xstrings/xstrings_test.go new file mode 100644 index 00000000..d58dd13c --- /dev/null +++ b/cmd/clairctl/xstrings/xstrings_test.go @@ -0,0 +1,27 @@ +package xstrings + +import "testing" + +func TestSubstrFromBeginning(t *testing.T) { + commitID := "e3ff9321271b0a5cec45ca6e0cdc72b2f376afd2" + expected := "e3ff9" + if s := Substr(commitID, 0, 5); s != expected { + t.Errorf("is %v, expect %v", s, expected) + } +} + +func TestSubstrFromCharFive(t *testing.T) { + commitID := "e3ff9321271b0a5cec45ca6e0cdc72b2f376afd2" + expected := "32127" + if s := Substr(commitID, 5, 5); s != expected { + t.Errorf("is %v, expect %v", s, expected) + } +} + +func TestTrimPrefixSuffix(t *testing.T) { + v := "http://registry:5555/v2" + e := "registry:5555" + if s := TrimPrefixSuffix(v, "http://", "/v2"); s != e { + t.Errorf("is %v, expect %v", s, e) + } +}