-
eglibc 2.19-0ubuntu6.6 -
-
CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Link
-
CVE-2015-5277
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
Link
-
CVE-2015-8778
hcreate((size_t)-1) should fail with ENOMEM
Link
-
CVE-2013-2207
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
Link
-
CVE-2015-8776
Passing out of range data to strftime() causes a segfault
Link
-
CVE-2015-8779
catopen() Multiple unbounded stack allocations
Link
-
CVE-2015-5180
DNS resolver NULL pointer dereference with crafted record type
Link
-
CVE-2014-9761
nan function unbounded stack allocation
Link
-
CVE-2014-8121
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset.
Link
-
CVE-2015-1781
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
Link
-
CVE-2015-8777
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
Link
-
CVE-2016-1234
glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption
Link
-
CVE-2016-3075
The getnetbyname implementation in nss_dns contains a potentially unbounded alloca call (in the form of a call to strdupa), leading to a stack overflow (stack exhaustion) and a crash if getnetbyname is invoked on a very long name.
Link
-
ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.6 -
-
CVE-2015-8138
ntp: missing check for zero originate timestamp
Link
-
CVE-2015-7977
reslist NULL pointer dereference
Link
-
CVE-2015-7978
Stack exhaustion in recursive traversal of restriction list
Link
-
CVE-2016-0727
NTP statsdir cleanup cronjob insecure
Link
-
CVE-2015-8139
Origin Leak: ntpq and ntpdc, disclose origin
Link
-
CVE-2015-7976
ntpq saveconfig command allows dangerous characters in filenames
Link
-
CVE-2015-7979
Off-path Denial of Service (DoS) attack on authenticated broadcast mode
Link
-
CVE-2015-8158
Potential Infinite Loop in ntpq
Link
-
CVE-2015-7973
Deja Vu: Replay attack on authenticated broadcast mode
Link
-
CVE-2015-8140
ntpq vulnerable to replay attacks
Link
-
CVE-2015-7974
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
Link
-
pcre3 1:8.31-2ubuntu2.1 -
-
CVE-2016-3191
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
Link
-
CVE-2015-8393
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
Link
-
CVE-2015-8387
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Link
-
CVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Link
-
CVE-2015-8390
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Link
-
CVE-2015-8394
PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Link
-
CVE-2015-2328
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Link
-
CVE-2015-8385
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Link
-
CVE-2015-8380
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Link
-
CVE-2015-8386
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Link
-
CVE-2015-8382
The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
Link
-
openssl 1.0.1f-1ubuntu2.16 -
-
CVE-2016-2842
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
Link
-
CVE-2016-0797
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
Link
-
CVE-2016-0702
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
Link
-
CVE-2016-0705
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Link
-
CVE-2016-0798
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
Link
-
CVE-2016-0799
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
Link
-
busybox 1:1.21.0-1ubuntu1 -
-
CVE-2011-5325
path traversal vulnerability in busybox tar
Link
-
CVE-2014-9645
modprobe wrongly accepts paths as module names
Link
-
CVE-2016-2147
OOB heap write due to integer underflow
Link
-
CVE-2016-2148
heap overflow in OPTION_6RD parsing
Link
-
perl 5.18.2-2ubuntu1 -
-
CVE-2016-2381
environment variable confusion
Link
-
CVE-2013-7422
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
Link
-
CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
Link
-
file 1:5.14-2ubuntu3.3 -
-
CVE-2014-9621
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
Link
-
CVE-2014-9620
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
Link
-
CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
Link
-
libpng 1.2.50-1ubuntu2.14.04.1 -
-
CVE-2015-8540
underflow read in png_check_keyword in pngwutil.c
Link
-
CVE-2015-8472
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
Link
-
sudo 1.8.9p5-1ubuntu1.2 -
-
CVE-2015-8239
race condition checking digests/checksums in sudoers
Link
-
CVE-2015-5602
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
Link
-
pam 1.1.8-1ubuntu2 -
-
CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
Link
-
CVE-2013-7041
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
Link
-
CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.
Link
-
isc-dhcp 4.2.4-7ubuntu12.3 -
-
CVE-2015-8605
ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Link
-
CVE-2016-2774
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
Link
-
cpio 2.11+dfsg-1ubuntu1.1 -
-
CVE-2016-2037
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
Link
-
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Link
-
gcc-4.8 4.8.4-2ubuntu1~14.04 -
-
CVE-2014-5044
Array memory allocations could cause an integer overflow and thus memory overflow issues at runtime.
Link
-
CVE-2015-5276
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
Link
-
util-linux 2.20.1-5.1ubuntu20.7 -
-
CVE-2014-9114
blkid command injection
Link
-
CVE-2013-0157
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
Link
-
coreutils 8.21-1ubuntu5.3 -
-
libgcrypt11 1.5.3-2ubuntu4.2 -
-
gnutls26 2.12.23-12ubuntu2.3 -
-
CVE-2015-7575
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Link
-
python3.4 3.4.3-1ubuntu1~14.04.3 -
-
CVE-2014-2667
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
Link
-
dbus 1.6.18-0ubuntu4.3 -
-
CVE-2015-0245
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
Link
-
libbsd 0.6.0-2ubuntu1 -
-
shadow 1:4.1.5.1-1ubuntu9.1 -
-
dpkg 1.17.5ubuntu5.5 -
-
readline6 6.3-4ubuntu2 -
-
audit 1:2.3.2-2ubuntu1 -
-
ucf 3.0027+nmu1 -
-
lsb 4.1+Debian11ubuntu6 -
-
ncurses 5.9+20140118-1ubuntu1 -
-
libusb 2:0.1.12-23.3ubuntu1 -
-
mawk 1.3.3-17ubuntu2 -
-
gzip 1.6-3ubuntu1 -
-
ubuntu-keyring 2012.05.19 -
-
json-c 0.11-3ubuntu1.2 -
-
gccgo-4.9 4.9.1-0ubuntu1 -
-
e2fsprogs 1.42.9-3ubuntu1.3 -
-
libtext-wrapi18n-perl 0.06-7 -
-
bzip2 1.0.6-5 -
-
tzdata 2015g-0ubuntu0.14.04 -
-
procps 1:3.3.9-1ubuntu2.2 -
-
upstart 1.12.1-0ubuntu4.2 -
-
dh-python 1.20140128-1ubuntu8.2 -
-
db5.3 5.3.28-3ubuntu3 -
-
xz-utils 5.1.1alpha+20120614-2ubuntu2 -
-
kmod 15-0ubuntu6 -
-
vim 2:7.4.052-1ubuntu3 -
-
mime-support 3.54ubuntu1.1 -
-
systemd 204-5ubuntu20.15 -
-
libpod-latex-perl 0.61-1 -
-
libtasn1-6 3.4-3ubuntu0.3 -
-
libterm-ui-perl 0.42-1 -
-
sensible-utils 0.0.9 -
-
libmodule-pluggable-perl 5.1-1 -
-
hostname 3.15ubuntu1 -
-
init-system-helpers 1.14 -
-
netcat-openbsd 1.105-7ubuntu1 -
-
xkeyboard-config 2.10.1-1ubuntu1 -
-
libtext-charwidth-perl 0.04-7build3 -
-
bash 4.3-7ubuntu1.5 -
-
libcap2 1:2.24-0ubuntu2 -
-
netbase 5.2 -
-
popt 1.16-8ubuntu1 -
-
apt 1.0.1ubuntu2.10 -
-
mountall 2.53 -
-
ifupdown 0.7.47.2ubuntu4.1 -
-
sed 4.2.2-4ubuntu1 -
-
lvm2 2.02.98-6ubuntu2 -
-
less 458-2 -
-
libtext-iconv-perl 1.7-5build2 -
-
plymouth 0.8.8-0ubuntu17.1 -
-
libtext-soundex-perl 3.4-1build1 -
-
libnih 1.0.3-4ubuntu25 -
-
initramfs-tools 0.103ubuntu4.2 -
-
klibc 2.0.3-0ubuntu1 -
-
console-setup 1.70ubuntu8 -
-
dash 0.5.7-4ubuntu1 -
-
zlib 1:1.2.8.dfsg-1ubuntu1 -
-
libdrm 2.4.60-2~ubuntu14.04.1 -
-
gnupg 1.4.16-1ubuntu2.3 -
-
rsyslog 7.4.4-1ubuntu2.6 -
-
sqlite3 3.8.2-1ubuntu2.1 -
-
attr 1:2.4.47-1ubuntu1 -
-
liblog-message-simple-perl 0.10-1 -
-
ubuntu-meta 1.325 -
-
gdbm 1.8.3-12build1 -
-
ureadahead 0.100.0-16 -
-
insserv 1.14.0-5ubuntu2 -
-
libsemanage 2.2-1 -
-
libselinux 2.2.2-1ubuntu0.1 -
-
newt 0.52.15-2ubuntu5 -
-
libsepol 2.2-1ubuntu0.1 -
-
base-files 7.2ubuntu5.3 -
-
mpdecimal 2.4.0-6 -
-
iproute2 3.12.0-2ubuntu1 -
-
ustr 1.0.4-3ubuntu2 -
-
resolvconf 1.69ubuntu1.1 -
-
iputils 3:20121221-4ubuntu1.1 -
-
grep 2.16-1 -
-
fribidi 0.19.6-1 -
-
acl 2.2.52-1 -
-
python3-defaults 3.4.0-0ubuntu2 -
-
debconf 1.5.51ubuntu2 -
-
findutils 4.4.2-7 -
-
lockfile-progs 0.1.17 -
-
expat 2.1.0-4ubuntu1.1 -
-
tar 1.27.1-1 -
-
slang2 2.2.4-15ubuntu1 -
-
net-tools 1.60-25ubuntu2.1 -
-
logrotate 3.8.7-1ubuntu1 -
-
adduser 3.113+nmu3ubuntu3 -
-
cron 3.0pl1-124ubuntu2 -
-
base-passwd 3.5.33 -
-
kbd 1.15.5-1ubuntu1 -
-
p11-kit 0.20.2-2ubuntu2 -
-
cgmanager 0.24-0ubuntu7.5 -
-
liblockfile 1.09-6ubuntu1 -
-
libestr 0.1.9-0ubuntu2 -
-
eject 2.1.5+deb1+cvs20081104-13.1 -
-
sysvinit 2.88dsf-41ubuntu6.2 -
-
cdebconf 0.187ubuntu1 -
-
diffutils 1:3.3-1 -
-
libarchive-extract-perl 0.70-1 -
-
libffi 3.1~rc1+r3.0.13-12ubuntu0.1 -
-
langpack-locales 2.13+git20120306-12.1 -
-
makedev 2.3.1-93ubuntu1 -
-
libgpg-error 1.12-0.2ubuntu1 -
-
liblocale-gettext-perl 1.05-7build3 -
-
debianutils 4.4 -