| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2016-9105 |
3 Qemu, Opensuse Project, Opensuse |
3 Leap, Qemu, Leap |
2018-12-01 |
2.1 |
| Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object. |
| CVE-2016-9101 |
3 Qemu, Opensuse Project, Opensuse |
3 Leap, Qemu, Leap |
2018-12-01 |
2.1 |
| Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. |
| CVE-2015-7547 |
11 Sophos, Oracle, Canonical and 8 more |
31 Big-ip Policy Enforcement Manager, Linux Enterprise Debuginfo, Helion Openstack and 28 more |
2018-11-30 |
6.8 |
| Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute... |
| CVE-2016-8689 |
3 Libarchive, Opensuse Project, Opensuse |
3 Leap, Libarchive, Leap |
2018-11-30 |
5.0 |
| The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. |
| CVE-2016-8688 |
3 Libarchive, Opensuse Project, Opensuse |
3 Leap, Libarchive, Leap |
2018-11-30 |
4.3 |
| The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or... |
| CVE-2016-8687 |
3 Libarchive, Opensuse Project, Opensuse |
3 Leap, Libarchive, Leap |
2018-11-30 |
5.0 |
| Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. |
| CVE-2017-5934 |
4 Moinmo, Canonical, Debian and 1 more |
4 Moinmoin, Ubuntu Linux, Debian Linux and 1 more |
2018-11-29 |
4.3 |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-5221 |
4 Fedoraproject, Opensuse Project, Jasper Project and 1 more |
6 Fedora, Opensuse, Jasper and 3 more |
2018-11-22 |
4.3 |
| Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. |
| CVE-2015-5203 |
4 Opensuse Project, Jasper Project, Fedoraproject and 1 more |
6 Opensuse, Jasper, Fedora and 3 more |
2018-11-22 |
4.3 |
| Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. |
| CVE-2016-0718 |
8 Libexpat, Apple, Canonical and 5 more |
14 Linux Enterprise Software Development Kit, Ubuntu Linux, Leap and 11 more |
2018-11-16 |
7.5 |
| Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. |
| CVE-2017-13081 |
7 W1.fi, Canonical, Debian and 4 more |
12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more |
2018-11-13 |
2.9 |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
| CVE-2017-13080 |
7 W1.fi, Canonical, Debian and 4 more |
12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more |
2018-11-13 |
2.9 |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. |
| CVE-2017-13079 |
7 W1.fi, Canonical, Debian and 4 more |
12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more |
2018-11-13 |
2.9 |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
| CVE-2017-13078 |
7 W1.fi, Canonical, Debian and 4 more |
12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more |
2018-11-13 |
2.9 |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. |
| CVE-2017-13077 |
9 Wpa, Wpa2, W1.fi and 6 more |
14 Wpa, Wpa2, Hostapd and 11 more |
2018-11-13 |
5.4 |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
| CVE-2016-7141 |
3 Haxx, Novell, Opensuse |
3 Leap, Libcurl, Leap |
2018-11-13 |
5.0 |
| curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from... |
| CVE-2016-5421 |
4 Debian, Haxx, Novell and 1 more |
4 Debian Linux, Leap, Libcurl and 1 more |
2018-11-13 |
7.5 |
| Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. |
| CVE-2016-5420 |
4 Debian, Haxx, Novell and 1 more |
4 Debian Linux, Leap, Libcurl and 1 more |
2018-11-13 |
5.0 |
| curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a... |
| CVE-2016-5419 |
4 Debian, Haxx, Novell and 1 more |
4 Debian Linux, Leap, Libcurl and 1 more |
2018-11-13 |
5.0 |
| curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. |
| CVE-2017-13082 |
7 W1.fi, Canonical, Debian and 4 more |
12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more |
2018-11-02 |
5.8 |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay,... |
