Search Results (Refine Search)
- CPE Product Version: cpe:/o:fedoraproject:fedora:20
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-3340 |
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. Published: April 28, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 2.9 LOW |
CVE-2015-0844 |
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. Published: April 14, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2806 |
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Published: April 10, 2015; 11:00:05 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-2782 |
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. Published: April 08, 2015; 2:59:06 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0557 |
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. Published: April 08, 2015; 2:59:04 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-0556 |
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. Published: April 08, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-2756 |
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Published: April 01, 2015; 10:59:08 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-2752 |
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). Published: April 01, 2015; 10:59:06 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-2751 |
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. Published: April 01, 2015; 10:59:05 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2015-2157 |
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Published: March 27, 2015; 10:59:05 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-0295 |
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. Published: March 25, 2015; 10:59:01 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0252 |
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. Published: March 24, 2015; 1:59:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2152 |
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. Published: March 18, 2015; 12:59:02 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2015-0778 |
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. Published: March 16, 2015; 10:59:01 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1782 |
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. Published: March 13, 2015; 10:59:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-2151 |
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. Published: March 12, 2015; 10:59:03 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-2045 |
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. Published: March 12, 2015; 10:59:01 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-2206 |
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. Published: March 09, 2015; 1:59:10 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0886 |
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent. Published: February 27, 2015; 9:59:35 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9679 |
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Published: February 19, 2015; 10:59:11 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |