The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2015-4787 | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4789, and CVE-2015-4790. | Medium | Jul 20, 2015 | n/a |
| CVE-2015-4788 | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown vectors, a different vulnerability than CVE-2015-4774 and CVE-2015-4779. | Low | Jul 20, 2015 | n/a |
| CVE-2015-4789 | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, and CVE-2015-4790. | Medium | Jul 20, 2015 | n/a |
| CVE-2015-4790 | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, and CVE-2015-4789. | Medium | Jul 20, 2015 | n/a |
| CVE-2015-1283 | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. | Medium | Jul 23, 2015 | xml-2.2.4.0 (VxWorks 7) |
| CVE-2015-3991 | A flaw was found in the strongSwan payload handling code. This flaw can be triggered by an IKEv1 or IKEv2 message that contains payloads that are only defined for the respective other IKE version. For instance, sending an IKEv1 Main Mode message containing a payload with type 41 (IKEv2 Notify) will crash the daemon or, potentially allow for remote code execution, when a short summary of the contents of the message is logged (\"parsed ID_PROT request 0 [ ... ]\"). | HIGH | Jul 31, 2015 | n/a |
| CVE-2015-3963 | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | LOW | Aug 5, 2015 | ipnet_coreip-1.2.2.0 (VxWorks 7) |
| CVE-2015-4700 | The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. | Medium | Aug 31, 2015 | n/a |
| CVE-2014-9745 | The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a broken number-with-base in a Postscript stream, as demonstrated by 8#garbage. | Medium | Sep 16, 2015 | SR0640 (VxWorks 7) |
| CVE-2015-1335 | lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | High | Oct 2, 2015 | n/a |
| CVE-2014-9750 | ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. | Medium | Oct 6, 2015 | ntp-1.1.0.0 (VxWorks 7) |
| CVE-2014-9751 | The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine\'s network interface with a packet from the ::1 address. | Medium | Oct 6, 2015 | ntp-1.1.0.0 (VxWorks 7) |
| CVE-2015-6607 | SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. | Medium | Oct 7, 2015 | n/a |
| CVE-2013-7445 | The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. | High | Oct 16, 2015 | n/a |
| CVE-2015-5156 | The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. | Medium | Oct 19, 2015 | n/a |
| CVE-2015-5283 | The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. | Medium | Oct 19, 2015 | n/a |
| CVE-2015-7691 | It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7692 | It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7701 | A memory leak flaw was found in ntpd\'s CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. | HIGH | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7702 | It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7703 | configuration directives \"pidfile\" and \"driftfile\" should only be allowed locally. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7704 | configuration directives \"pidfile\" and \"driftfile\" should only be allowed locally. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7705 | A flaw was found in the way NTP handled rate limiting. An attacker able to send a large number of crafted requests to an NTP server could trigger the rate limiting on that server, and prevent clients from getting a usable reply from the server. | HIGH | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7848 | When processing a specially crafted private mode packet, an integer overflow can occur leading to out of bounds memory copy operation. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7849 | An exploitable use-after-free vulnerability exists in the password management functionality of the Network Time Protocol. A specially crafted key file could cause a buffer overflow resulting in memory corruption. An attacker could provide a malicious password file to trigger this vulnerability. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7850 | An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a the malicious configuration file to trigger this vulnerability. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7851 | Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \'\\\' or \'/\' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | LOW | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7852 | A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7853 | A potential buffer overflow vulnerability exists in the refclock of ntpd. An invalid length provided by a hardware reference clock could cause a buffer overflow potentially resulting in memory being modified. A malicious reflock could provide a negative length to trigger this vulnerability. | HIGH | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7854 | A potential buffer overflow vulnerability exists in the password management functionality of ntp. A specially crafted key file could cause a buffer overflow potentially resulting in memory being modified. An attacker could provide a malicious password to trigger this vulnerability. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7855 | It was found that NTP\'s decodenetnum() would abort with an assertion failure when processing a mode 6 or mode 7 packet containing an unusually long data value where a network address was expected. This could allow an authenticated attacker to crash ntpd. | MEDIUM | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-7871 | Unauthenticated off-path attackers can force ntpd processes to peer with malicious time sources of the attacker??s choosing allowing the attacker to make arbitrary changes to system time. This attack leverages a logic error in ntpd??s handling of certain crypto-NAK packets. When a vulnerable ntpd receives an NTP symmetric active crypto-NAK packet, it will peer with the sender bypassing the authentication typically required to establish a peer association. | HIGH | Oct 28, 2015 | ntp-1.2.0.0 (VxWorks 7) |
| CVE-2015-2925 | The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a double-chroot attack. | Medium | Nov 16, 2015 | n/a |
| CVE-2015-5276 | The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | Medium | Nov 18, 2015 | SR0600 (VxWorks 7) |
| CVE-2015-3194 | crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.<a href=http://cwe.mitre.org/data/definitions/476.html>CWE-476: NULL Pointer Dereference</a> | Medium | Dec 7, 2015 | openSSL-1.0.5.0 (VxWorks 7) |
| CVE-2015-3195 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | Medium | Dec 7, 2015 | openSSL-1.0.5.0 (VxWorks 7) |
| CVE-2015-3196 | ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | Medium | Dec 7, 2015 | openSSL-1.0.5.0 (VxWorks 7) |
| CVE-2015-7096 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | Medium | Dec 11, 2015 | n/a |
| CVE-2015-7098 | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. | Medium | Dec 11, 2015 | n/a |
| CVE-2015-7885 | The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | Low | Dec 28, 2015 | n/a |
| CVE-2015-8374 | fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. | Low | Dec 28, 2015 | n/a |
| CVE-2016-1283 | The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\){99}-))(?J)(?\'R\'(?\'R\'<((?\'RR\'(?\'R\'\\){97)?J)?J)(?\'R\'(?\'R\'\\){99|(:(?|(?\'R\')(\\k\'R\')|((?\'R\')))H\'R\'R)(H\'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | HIGH | Jan 7, 2016 | n/a |
| CVE-2015-8668 | Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. | HIGH | Jan 8, 2016 | n/a |
| CVE-2015-7974 | NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a skeleton key. | LOW | Jan 26, 2016 | ntp-1.2.0.2 (VxWorks 7) |
| CVE-2015-7973 | It was found that when NTP is configured in broadcast mode, a man-in-the-middle attacker or a malicious client could replay packets received from the broadcast server to all (other) clients. This could cause the time on affected clients to become out of sync over a longer period of time. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
| CVE-2015-7975 | It was found that ntpq did not implement a proper lenght check when calling nextvar(), which executes a memcpy(), on the name buffer. | LOW | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
| CVE-2015-7976 | The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Note: the ability to use the saveconfig command is controlled by the \'restrict nomodify\' directive, and the recommended default configuration is to disable this capability. If the ability to execute a \'saveconfig\' is required, it can easily (and should) be limited and restricted to a known small number of IP addresses. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
| CVE-2015-7977 | A NULL pointer dereference flaw was found in the way ntpd processed \'ntpdc reslist\' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
| CVE-2015-7978 | A stack-based buffer overflow was found in the way ntpd processed \'ntpdc reslist\' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
| CVE-2015-7979 | It was found that when NTP is configured in broadcast mode, an off-path attacker could broadcast packets with bad authentication (wrong key, mismatched key, incorrect MAC, etc) to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server. This could cause the time on affected clients to become out of sync over a longer period of time. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
