Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-4106 |
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. Published: June 03, 2015; 4:59:09 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-2922 |
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. Published: May 27, 2015; 6:59:06 AM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2015-3455 |
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. Published: May 18, 2015; 11:59:11 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2015-1868 |
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. Published: May 18, 2015; 11:59:05 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-1860 |
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. Published: May 12, 2015; 3:59:06 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1859 |
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. Published: May 12, 2015; 3:59:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1858 |
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. Published: May 12, 2015; 3:59:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3340 |
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. Published: April 28, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 2.9 LOW |
CVE-2015-3148 |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Published: April 24, 2015; 10:59:11 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-3145 |
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. Published: April 24, 2015; 10:59:10 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0844 |
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. Published: April 14, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2806 |
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Published: April 10, 2015; 11:00:05 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-2782 |
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. Published: April 08, 2015; 2:59:06 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0557 |
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. Published: April 08, 2015; 2:59:04 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-0556 |
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. Published: April 08, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-1827 |
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. Published: March 30, 2015; 10:59:04 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1815 |
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. Published: March 30, 2015; 10:59:03 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-2331 |
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. Published: March 30, 2015; 6:59:12 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-2157 |
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Published: March 27, 2015; 10:59:05 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-2317 |
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. Published: March 25, 2015; 10:59:04 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |