Linux Security Vulnerabilities and Issues — Linux CVE List

Lucene search

OracleLinux

11 matches found

CVE•added 2017/04/11 6:59 p.m.•1783 views

CVE-2016-1908

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on...

9.8CVSS9AI score0.04423EPSS

CVE•added 2017/01/30 9:59 p.m.•173 views

CVE-2016-2518

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

5.3CVSS6.2AI score0.00785EPSS

CVE•added 2017/07/21 2:29 p.m.•169 views

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5CVSS7.1AI score0.0364EPSS

CVE•added 2017/01/30 9:59 p.m.•169 views

CVE-2015-7977

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

5.9CVSS6.3AI score0.11631EPSS

CVE•added 2017/08/07 8:29 p.m.•168 views

CVE-2015-7701

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

7.5CVSS8.2AI score0.06317EPSS

CVE•added 2017/08/07 8:29 p.m.•167 views

CVE-2015-7691

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

7.5CVSS7.8AI score0.11502EPSS

CVE•added 2017/08/07 8:29 p.m.•154 views

CVE-2015-7692

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

7.5CVSS7.9AI score0.11502EPSS

CVE•added 2017/08/07 8:29 p.m.•151 views

CVE-2015-7702

6.5CVSS7.9AI score0.11502EPSS

CVE•added 2017/07/24 2:29 p.m.•150 views

CVE-2015-7703

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration passwor...

7.5CVSS8.6AI score0.03193EPSS

CVE•added 2017/08/07 8:29 p.m.•135 views

CVE-2015-7852

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

5.9CVSS7.1AI score0.0317EPSS

CVE•added 2017/03/15 7:59 p.m.•79 views

CVE-2015-8896

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

6.5CVSS6.3AI score0.00228EPSS