Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
|  | 9 | 54 | 0 | 83.9% | HIGH |

Related CVEs

54
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2017-17806 | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | HIGH | 7.8 |  | 42.5% | Dec 20, 2017 |
| CVE-2017-17805 | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. | HIGH | 7.8 |  | 34.4% | Dec 20, 2017 |
| CVE-2016-1254 | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | NONE |  |  | 85.7% | Dec 5, 2017 |
| CVE-2015-3138 | print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). | NONE |  |  | 81.0% | Sep 28, 2017 |
| CVE-2014-4616 | Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. | MEDIUM | 5.9 |  | 94.1% | Aug 24, 2017 |
| CVE-2015-3405 | ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | NONE |  |  | 91.6% | Aug 9, 2017 |
| CVE-2015-5203 | Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | NONE |  |  | 77.5% | Aug 2, 2017 |
| CVE-2015-5221 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | NONE |  |  | 80.2% | Jul 25, 2017 |
| CVE-2016-9961 | game-music-emu before 0.6.1 mishandles unspecified integer values. | NONE |  |  | 90.1% | Jun 6, 2017 |
| CVE-2016-9960 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | NONE |  |  | 40.8% | Jun 6, 2017 |
| CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | NONE |  |  | 81.4% | Apr 12, 2017 |
| CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | NONE |  |  | 81.4% | Apr 12, 2017 |
| CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | NONE |  |  | 77.5% | Apr 12, 2017 |
| CVE-2017-6542 | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. | NONE |  |  | 97.3% | Mar 27, 2017 |
| CVE-2015-8010 | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | NONE |  |  | 70.9% | Mar 27, 2017 |
| CVE-2016-7797 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | NONE |  |  | 86.8% | Mar 24, 2017 |
| CVE-2016-9556 | The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | NONE |  |  | 81.0% | Mar 23, 2017 |
| CVE-2016-10048 | Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | NONE |  |  | 93.0% | Mar 23, 2017 |
| CVE-2014-9851 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | NONE |  |  | 88.4% | Mar 20, 2017 |
| CVE-2014-9850 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | NONE |  |  | 88.1% | Mar 20, 2017 |