Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2016-09-26	CVE-2016-6306	Out-of-bounds Read vulnerability in multiple products The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. network high complexity openssl hp novell nodejs debian canonical CWE-125	5.9
2016-09-20	CVE-2015-8924	Out-of-bounds Read vulnerability in multiple products The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. local low complexity libarchive novell canonical CWE-125	5.5
2016-09-20	CVE-2015-8923	Improper Input Validation vulnerability in multiple products The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. network low complexity libarchive novell canonical CWE-20	6.5
2016-09-20	CVE-2015-8922	NULL Pointer Dereference vulnerability in multiple products The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. local low complexity libarchive novell canonical oracle CWE-476	5.5
2016-09-20	CVE-2015-8920	Out-of-bounds Read vulnerability in multiple products The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. local low complexity novell canonical libarchive CWE-125	5.5
2016-08-01	CVE-2016-1609	Cross-site Scripting vulnerability in Novell Filr 1.2/2.0 Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile. network low complexity novell CWE-79	5.4
2016-07-05	CVE-2016-4957	NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. network low complexity oracle novell opensuse ntp suse CWE-476	5.0
2016-07-05	CVE-2016-4956	ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. network low complexity ntp oracle novell suse opensuse siemens	5.3
2016-07-05	CVE-2016-4955	Race Condition vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. network high complexity ntp oracle novell suse opensuse siemens CWE-362	5.9
2016-06-27	CVE-2016-4470	The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. local low complexity oracle linux novell redhat	5.5