Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release
CVE-2015-8139 To prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will know the value of the transmit timestamp, this prevents an attacker from forging replies MEDIUM Jan 27, 2016 ntp-1.2.0.2 (VxWorks 7)
CVE-2015-8140 The ntpq protocol is vulnerable to replay attacks. The sequence number being included under the signature fails to prevent replay attacks for two reasons. Commands that don't require authentication can be used to move the sequence number forward, and NTP doesn't actually care what sequence number is used so a packet can be replayed at any time. If, for example, an attacker can intercept authenticated reconfiguration commands that would, for example, tell ntpd to connect with a server that turns out to be malicious and a subsequent reconfiguration directive removed that malicious server, the attacker could replay the configuration command to re-establish an association to the malicious server. MEDIUM Jan 27, 2016 ntp-1.2.0.2 (VxWorks 7)
CVE-2015-8158 A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function: MEDIUM Jan 27, 2016 ntp-1.2.0.2 (VxWorks 7)
CVE-2016-1923 Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. MEDIUM Jan 27, 2016 n/a
CVE-2016-1924 The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. MEDIUM Jan 27, 2016 n/a
CVE-2016-0754 cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. MEDIUM Jan 29, 2016 n/a
CVE-2016-0755 The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. MEDIUM Jan 29, 2016 webcli_curl-7.50.3.0 (VxWorks 7)
CVE-2016-1723 WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726. HIGH Feb 1, 2016 n/a
CVE-2016-1724 WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727. HIGH Feb 1, 2016 n/a
CVE-2016-1725 WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726. HIGH Feb 1, 2016 n/a
CVE-2016-1726 WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725. HIGH Feb 1, 2016 n/a
CVE-2016-1727 WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724. HIGH Feb 1, 2016 n/a
CVE-2016-1728 The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the a:visited button selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. MEDIUM Feb 1, 2016 n/a
CVE-2015-3197 an issue where a connecting client can force an SSL handshake to complete via SSLv2, even if all SSLv2 ciphers are disabled. It is important to note that simply disabling the SSLv2 ciphers on your OpenSSL server will not mitigate this issue. In order to prevent an SSLv2 connection, support for the actual protocol must be disabled as well. In other words, even if the server configuration only allows strong ciphers (such as AES-GCM) that are not part of SSLv2, it is possible for an attacker to "slip through" these disabled ciphers and complete a handshake using SSLv2. SSLv2 is a weak and broken protocol and should not be used. If that's not possible -- and really, the only reason is having to support very old clients MEDIUM Feb 12, 2016 openSSL-1.0.7.0 (VxWorks 7)
CVE-2015-7504 A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user (with the CAP_SYS_RAWIO capability) inside a guest could use this flaw to crash the host QEMU process (resulting in denial of service) or, potentially, execute arbitrary code with privileges of the host QEMU process. MEDIUM Feb 23, 2016 n/a
CVE-2016-0702 The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a CacheBleed attack. LOW Mar 7, 2016 openSSL-1.0.7.0 (VxWorks 7)
CVE-2016-0705 Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. CWE-415: Double Free (http://cwe.mitre.org/data/definitions/415.html) HIGH Mar 7, 2016 openSSL-1.0.7.0 (VxWorks 7)
CVE-2016-0797 Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. CWE-190: Integer Overflow or Wraparound (http://cwe.mitre.org/data/definitions/190.html); CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html) MEDIUM Mar 7, 2016 openSSL-1.0.7.0 (VxWorks 7)
CVE-2016-0798 Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. HIGH Mar 7, 2016 openSSL-1.0.7.0 (VxWorks 7)
CVE-2016-0799 The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. HIGH Mar 7, 2016 openSSL-1.0.7.0 (VxWorks 7)
CVE-2016-1630 The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site. MEDIUM Mar 7, 2016 n/a
CVE-2016-1634 Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action. CWE-416: Use After Free (http://cwe.mitre.org/data/definitions/416.html) HIGH Mar 7, 2016 n/a
CVE-2016-0703 The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. MEDIUM Mar 8, 2016 openSSL-1.0.4.0 (VxWorks 7)
CVE-2016-0704 An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. MEDIUM Mar 11, 2016 openSSL-1.0.4.0 (VxWorks 7)
CVE-2016-0800 The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a DROWN attack. MEDIUM Mar 11, 2016 openSSL-1.0.7.0 (VxWorks 7)
CVE-2014-3591 Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. LOW Mar 12, 2016 n/a
CVE-2015-5229 It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. MEDIUM Mar 12, 2016 n/a
CVE-2015-5300 It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time. MEDIUM Mar 12, 2016 ntp-1.2.0.2 (VxWorks 7)
CVE-2016-0821 The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. MEDIUM Mar 12, 2016 n/a
CVE-2016-1643 The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage type confusion. HIGH Mar 18, 2016 n/a
CVE-2016-1644 WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. CWE-416: Use After Free (http://cwe.mitre.org/data/definitions/416.html) HIGH Mar 18, 2016 n/a
CVE-2016-1972 Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. CWE-416: Use After Free (http://cwe.mitre.org/data/definitions/416.html) MEDIUM Mar 18, 2016 n/a
CVE-2016-3116 CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (https://cwe.mitre.org/data/definitions/93.html) MEDIUM Mar 23, 2016 n/a
CVE-2016-1778 WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. HIGH Mar 25, 2016 n/a
CVE-2016-1779 WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. MEDIUM Mar 25, 2016 n/a
CVE-2016-1780 WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. MEDIUM Mar 25, 2016 n/a
CVE-2016-1781 WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. MEDIUM Mar 25, 2016 n/a
CVE-2016-1782 WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. MEDIUM Mar 25, 2016 n/a
CVE-2016-1783 WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. HIGH Mar 25, 2016 n/a
CVE-2016-1785 The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. MEDIUM Mar 25, 2016 n/a
CVE-2016-1786 The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. MEDIUM Mar 25, 2016 n/a
CVE-2016-1784 The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. MEDIUM Mar 28, 2016 n/a
CVE-2016-2118 The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka BADLOCK. MEDIUM Apr 12, 2016 n/a
CVE-2016-3157 The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. HIGH Apr 12, 2016 n/a
CVE-2015-8806 dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the <!DOCTYPE html substring in a crafted HTML document. MEDIUM Apr 18, 2016 n/a
CVE-2016-3961 Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. LOW Apr 18, 2016 n/a
CVE-2016-0682 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418. MEDIUM Apr 21, 2016 n/a
CVE-2016-0689 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418. MEDIUM Apr 21, 2016 n/a
CVE-2016-0692 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, and CVE-2016-3418. MEDIUM Apr 21, 2016 n/a
CVE-2016-0694 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-3418. MEDIUM Apr 21, 2016 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.