| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-19543 |
125 |
|
|
2018-11-26 |
2020-09-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. |
|
2 |
CVE-2018-19542 |
476 |
|
DoS |
2018-11-26 |
2020-04-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. |
|
3 |
CVE-2018-19541 |
125 |
|
|
2018-11-26 |
2021-01-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c. |
|
4 |
CVE-2018-19540 |
787 |
|
Overflow |
2018-11-26 |
2021-01-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. |
|
5 |
CVE-2018-19539 |
617 |
|
DoS |
2018-11-26 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. |
|
6 |
CVE-2018-18873 |
476 |
|
|
2018-10-31 |
2020-09-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. |
|
7 |
CVE-2017-5898 |
190 |
|
DoS Overflow |
2017-03-15 |
2020-11-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. |
|
8 |
CVE-2016-9398 |
617 |
|
DoS |
2017-03-23 |
2021-02-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
|
9 |
CVE-2016-4957 |
476 |
|
DoS |
2016-07-05 |
2020-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. |
|
10 |
CVE-2016-4956 |
|
|
DoS |
2016-07-05 |
2021-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. |
|
11 |
CVE-2016-4955 |
362 |
|
DoS |
2016-07-05 |
2021-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. |
|
12 |
CVE-2016-4954 |
362 |
|
DoS |
2016-07-05 |
2021-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. |
|
13 |
CVE-2016-4953 |
287 |
|
DoS |
2016-07-05 |
2021-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. |
|
14 |
CVE-2016-2782 |
476 |
|
DoS |
2016-04-27 |
2022-01-31 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. |
|
15 |
CVE-2016-2315 |
119 |
|
Exec Code Overflow |
2016-04-08 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. |
|
16 |
CVE-2016-1602 |
94 |
|
Exec Code |
2017-03-23 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). |
|
17 |
CVE-2016-0718 |
119 |
|
DoS Exec Code Overflow |
2016-05-26 |
2023-02-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. |
|
18 |
CVE-2016-0668 |
|
|
|
2016-04-21 |
2022-09-21 |
1.7 |
None |
Remote |
High |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. |
|
19 |
CVE-2016-0651 |
|
|
|
2016-04-21 |
2022-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. |
|
20 |
CVE-2016-0642 |
|
|
|
2016-04-21 |
2022-08-29 |
4.3 |
None |
Remote |
Medium |
??? |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. |
|
21 |
CVE-2016-0264 |
119 |
|
Exec Code Overflow |
2016-05-24 |
2021-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. |
|
22 |
CVE-2015-8934 |
125 |
|
DoS |
2016-09-20 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. |
|
23 |
CVE-2015-8933 |
190 |
|
DoS Overflow |
2016-09-20 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. |
|
24 |
CVE-2015-8932 |
20 |
|
DoS |
2016-09-20 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. |
|
25 |
CVE-2015-8931 |
190 |
|
Overflow |
2016-09-20 |
2018-01-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. |
|
26 |
CVE-2015-8930 |
20 |
|
DoS |
2016-09-20 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. |
|
27 |
CVE-2015-8929 |
119 |
|
DoS Overflow |
2016-09-20 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. |
|
28 |
CVE-2015-8928 |
125 |
|
DoS |
2016-09-20 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. |
|
29 |
CVE-2015-8926 |
476 |
|
DoS |
2016-09-20 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. |
|
30 |
CVE-2015-8925 |
125 |
|
DoS |
2016-09-20 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. |
|
31 |
CVE-2015-8779 |
119 |
|
DoS Exec Code Overflow |
2016-04-19 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. |
|
32 |
CVE-2015-8778 |
119 |
|
DoS Exec Code Overflow |
2016-04-19 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. |
|
33 |
CVE-2015-8776 |
189 |
|
DoS +Info |
2016-04-19 |
2018-10-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. |
|
34 |
CVE-2015-8567 |
401 |
|
DoS |
2017-04-13 |
2020-09-09 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). |
|
35 |
CVE-2015-8551 |
476 |
|
DoS |
2016-04-13 |
2020-08-26 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." |
|
36 |
CVE-2015-8126 |
120 |
|
DoS Overflow |
2015-11-13 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. |
|
37 |
CVE-2015-7976 |
254 |
|
|
2017-01-30 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. |
|
38 |
CVE-2015-7547 |
119 |
|
DoS Exec Code Overflow |
2016-02-18 |
2023-02-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. |
|
39 |
CVE-2015-5969 |
200 |
|
+Info |
2016-04-08 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. |
|
40 |
CVE-2015-5300 |
361 |
|
DoS |
2017-07-21 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). |
|
41 |
CVE-2015-5041 |
200 |
|
+Info |
2016-06-06 |
2019-06-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. |
|
42 |
CVE-2015-4680 |
295 |
|
|
2017-04-05 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. |
|
43 |
CVE-2015-1283 |
190 |
|
DoS Overflow |
2015-07-23 |
2022-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. |
|
44 |
CVE-2015-0272 |
|
|
DoS |
2015-11-17 |
2023-02-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. |
|
45 |
CVE-2014-9853 |
399 |
|
DoS |
2017-03-17 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. |
|
46 |
CVE-2014-9852 |
913 |
|
|
2017-03-17 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. |
|
47 |
CVE-2014-9761 |
119 |
|
DoS Exec Code Overflow |
2016-04-19 |
2019-06-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. |
