Skip to main content
CVE-2015-8863 CRITICAL PATCH Act Now

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6%.

Denial Of Service Buffer Overflow Leap Opensuse Jq
NVD GitHub
CVSS 3.0
9.8
EPSS
10.6%
CVE-2015-0857 CRITICAL Act Now

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tardiff Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2016-4422 CRITICAL Act Now

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Libpam Sshauth Debian Linux
NVD
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy