| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
41901 |
CVE-2015-8930 |
20 |
|
DoS |
2016-09-20 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. |
|
41902 |
CVE-2015-8929 |
119 |
|
DoS Overflow |
2016-09-20 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. |
|
41903 |
CVE-2015-8928 |
125 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. |
|
41904 |
CVE-2015-8927 |
125 |
|
DoS |
2016-09-20 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. |
|
41905 |
CVE-2015-8926 |
476 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. |
|
41906 |
CVE-2015-8925 |
125 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. |
|
41907 |
CVE-2015-8924 |
125 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. |
|
41908 |
CVE-2015-8923 |
20 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. |
|
41909 |
CVE-2015-8922 |
476 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. |
|
41910 |
CVE-2015-8921 |
125 |
|
DoS |
2016-09-20 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. |
|
41911 |
CVE-2015-8920 |
125 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. |
|
41912 |
CVE-2015-8919 |
119 |
|
DoS Overflow |
2016-09-20 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. |
|
41913 |
CVE-2015-8918 |
119 |
|
DoS Overflow |
2016-09-20 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." |
|
41914 |
CVE-2015-8917 |
476 |
|
DoS |
2016-09-20 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. |
|
41915 |
CVE-2015-8916 |
476 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. |
|
41916 |
CVE-2015-8915 |
125 |
|
DoS |
2016-09-20 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. |
|
41917 |
CVE-2015-8914 |
254 |
|
DoS Bypass |
2016-06-17 |
2018-10-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. |
|
41918 |
CVE-2015-8903 |
20 |
|
DoS |
2017-02-27 |
2017-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. |
|
41919 |
CVE-2015-8902 |
20 |
|
DoS |
2017-02-27 |
2017-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. |
|
41920 |
CVE-2015-8901 |
20 |
|
DoS |
2017-02-27 |
2017-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. |
|
41921 |
CVE-2015-8900 |
20 |
|
DoS |
2017-02-27 |
2017-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. |
|
41922 |
CVE-2015-8899 |
20 |
|
DoS |
2016-06-30 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. |
|
41923 |
CVE-2015-8898 |
476 |
|
DoS |
2017-03-15 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. |
|
41924 |
CVE-2015-8897 |
125 |
|
DoS |
2017-03-15 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. |
|
41925 |
CVE-2015-8896 |
189 |
|
DoS |
2017-03-15 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. |
|
41926 |
CVE-2015-8895 |
190 |
|
DoS Overflow |
2017-03-15 |
2018-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. |
|
41927 |
CVE-2015-8894 |
415 |
|
DoS |
2017-03-15 |
2017-03-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. |
|
41928 |
CVE-2015-8893 |
119 |
|
DoS Overflow |
2016-07-10 |
2016-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275. |
|
41929 |
CVE-2015-8892 |
264 |
|
Bypass |
2016-07-10 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998. |
|
41930 |
CVE-2015-8891 |
189 |
|
Overflow Bypass |
2016-07-10 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930. |
|
41931 |
CVE-2015-8890 |
264 |
|
Bypass |
2016-07-10 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461. |
|
41932 |
CVE-2015-8889 |
264 |
|
|
2016-07-10 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067. |
|
41933 |
CVE-2015-8888 |
264 |
|
Overflow Bypass |
2016-07-10 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933. |
|
41934 |
CVE-2015-8880 |
|
|
|
2016-05-21 |
2016-05-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. |
|
41935 |
CVE-2015-8879 |
20 |
|
DoS |
2016-05-21 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table. |
|
41936 |
CVE-2015-8878 |
119 |
|
DoS Overflow Mem. Corr. |
2016-05-21 |
2016-05-24 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. |
|
41937 |
CVE-2015-8877 |
399 |
|
DoS |
2016-05-21 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. |
|
41938 |
CVE-2015-8876 |
|
|
DoS |
2016-05-21 |
2018-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. |
|
41939 |
CVE-2015-8875 |
189 |
|
DoS Exec Code Overflow |
2016-06-01 |
2016-10-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. |
|
41940 |
CVE-2015-8874 |
119 |
|
DoS Overflow |
2016-05-16 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. |
|
41941 |
CVE-2015-8873 |
20 |
|
DoS |
2016-05-16 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. |
|
41942 |
CVE-2015-8871 |
416 |
|
|
2016-09-21 |
2017-07-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. |
|
41943 |
CVE-2015-8870 |
20 |
|
DoS Overflow +Info |
2016-12-06 |
2018-01-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. |
|
41944 |
CVE-2015-8869 |
119 |
|
Overflow +Info |
2016-06-13 |
2018-10-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. |
|
41945 |
CVE-2015-8868 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-05-06 |
2018-01-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. |
|
41946 |
CVE-2015-8867 |
310 |
|
|
2016-05-21 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. |
|
41947 |
CVE-2015-8866 |
|
|
|
2016-05-21 |
2018-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. |
|
41948 |
CVE-2015-8865 |
119 |
|
DoS Exec Code Overflow |
2016-05-20 |
2018-06-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. |
|
41949 |
CVE-2015-8864 |
79 |
|
XSS |
2017-04-13 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. |
|
41950 |
CVE-2015-8863 |
119 |
|
DoS Overflow |
2016-05-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. |
