Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-8104 |
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. Published: November 16, 2015; 6:59:12 AM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2015-8126 |
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Published: November 12, 2015; 10:59:05 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-5214 |
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file. Published: November 10, 2015; 12:59:04 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5213 |
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. Published: November 10, 2015; 12:59:03 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5212 |
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. Published: November 10, 2015; 12:59:02 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4551 |
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. Published: November 10, 2015; 12:59:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-2697 |
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. Published: November 08, 2015; 10:59:03 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-2696 |
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. Published: November 08, 2015; 10:59:02 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2015-2695 |
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Published: November 08, 2015; 10:59:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-6855 |
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. Published: November 06, 2015; 4:59:07 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-7697 |
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. Published: November 06, 2015; 1:59:05 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-7696 |
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. Published: November 06, 2015; 1:59:04 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-6031 |
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name. Published: November 02, 2015; 2:59:14 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5262 |
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. Published: October 27, 2015; 12:59:07 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-7674 |
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. Published: October 26, 2015; 1:59:11 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5289 |
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. Published: October 26, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2015-4913 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. Published: October 21, 2015; 8:00:16 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4895 |
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Published: October 21, 2015; 7:59:55 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4879 |
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. Published: October 21, 2015; 7:59:42 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-4870 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. Published: October 21, 2015; 7:59:34 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |