Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1868 |
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. Published: May 18, 2015; 11:59:05 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-1860 |
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. Published: May 12, 2015; 3:59:06 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1859 |
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. Published: May 12, 2015; 3:59:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1858 |
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. Published: May 12, 2015; 3:59:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3340 |
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. Published: April 28, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 2.9 LOW |
CVE-2015-3148 |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Published: April 24, 2015; 10:59:11 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-3145 |
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. Published: April 24, 2015; 10:59:10 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0844 |
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. Published: April 14, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2806 |
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Published: April 10, 2015; 11:00:05 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-2782 |
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. Published: April 08, 2015; 2:59:06 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0557 |
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. Published: April 08, 2015; 2:59:04 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-0556 |
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. Published: April 08, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-1827 |
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. Published: March 30, 2015; 10:59:04 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1815 |
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. Published: March 30, 2015; 10:59:03 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-2331 |
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. Published: March 30, 2015; 6:59:12 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-2157 |
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Published: March 27, 2015; 10:59:05 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-2317 |
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. Published: March 25, 2015; 10:59:04 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-2316 |
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. Published: March 25, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0295 |
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. Published: March 25, 2015; 10:59:01 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0252 |
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. Published: March 24, 2015; 1:59:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |