NVD List
| Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 28665 | CVE-2015-8539 | The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. | 2 | 7.2 | High | 2017-01-19 | 2016-12-05 | View | |
| 28666 | CVE-2015-8540 | Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. | 2 | 9.3 | High | 2017-01-19 | 2016-11-28 | View | |
| 28667 | CVE-2015-8542 | An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID. The "auth" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user"s PGP Private Key by iterating the "id" and "cid" parameters. This kind of attack would also be able by brute-forcing login credentials, but since the "id" and "cid" parameters are sequential they are much easier to predict than a user"s login name. At the same time, there are some obvious insecure standard passwords that are widely used. A attacker could send the hashed representation of typically weak passwords and randomly fetch Private Key of matching accounts. The attack can be executed by both internal users and "guests" which use the external mail reader. | 2 | 4 | Medium | 2017-01-19 | 2016-12-16 | View | |
| 28668 | CVE-2015-8543 | The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. | 2 | 6.9 | Medium | 2017-01-19 | 2016-12-07 | View | |
| 81696 | CVE-2015-8544 | NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | 2 | 5 | Medium | 2017-02-28 | 2017-02-24 | View |
Page 15070 of 17672, showing 5 records out of 88360 total, starting on record 75346, ending on 75350
