Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux
(Oracle)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/libarchive/libarchive • https://github.com/file/file • https://github.com/krb5/krb5 • https://github.com/apache/httpd |
| #Vulnerabilities | 218 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-07-20 | CVE-2015-0253 | The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. | Http_server, Mac_os_x, Mac_os_x_server, Linux, Solaris | N/A | ||
| 2015-08-24 | CVE-2015-6243 | The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. | Linux, Solaris, Wireshark | N/A | ||
| 2015-08-24 | CVE-2015-6244 | The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | Linux, Solaris, Wireshark | N/A | ||
| 2015-08-24 | CVE-2015-6245 | epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | Linux, Solaris, Wireshark | N/A | ||
| 2015-08-24 | CVE-2015-6246 | The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | Linux, Solaris, Wireshark | N/A | ||
| 2015-08-24 | CVE-2015-6248 | The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | Linux, Solaris, Wireshark | N/A | ||
| 2015-12-06 | CVE-2015-3195 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Openssl, Leap, Opensuse, Api_gateway, Communications_webrtc_session_controller, Exalogic_infrastructure, Http_server, Integrated_lights_out_manager_firmware, Life_sciences_data_hub, Linux, Solaris, Sun_ray_software, Transportation_management, Vm_server, Vm_virtualbox, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_server | 5.3 | ||
| 2016-05-16 | CVE-2015-4643 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. | Debian_linux, Linux, Php, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 9.8 | ||
| 2016-06-20 | CVE-2016-2177 | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | Icewall_mcrp, Icewall_sso, Icewall_sso_agent_option, Openssl, Linux, Solaris | 9.8 | ||
| 2016-06-20 | CVE-2016-2178 | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | Ubuntu_linux, Debian_linux, Node\.js, Openssl, Linux, Solaris, Linux_enterprise | 5.5 |