Skip to main content
CVE-2015-8863 CRITICAL PATCH Act Now

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6%.

Denial Of Service Buffer Overflow Leap Opensuse Jq
NVD GitHub
CVSS 3.0
9.8
EPSS
10.6%
CVE-2016-4074 HIGH POC PATCH This Week

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2015-0857 CRITICAL Act Now

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tardiff Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2016-4422 CRITICAL Act Now

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Libpam Sshauth Debian Linux
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2015-8868 HIGH This Week

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Fedora Debian Linux +2
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2016-2094 HIGH This Week

The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Enterprise Application Platform
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2015-0858 LOW Monitor

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Tardiff
NVD
CVSS 3.0
3.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy