Filtered by vendor
Subscriptions
Total
166 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-2041 | 3 Debian, Linux, Suse | 3 Debian Linux, Linux Kernel, Suse Linux Enterprise Server | 2024-11-21 | N/A |
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. | ||||
CVE-2015-2019 | 1 Ibm | 1 Tivoli Directory Server | 2024-11-21 | N/A |
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | ||||
CVE-2015-1935 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. | ||||
CVE-2015-1852 | 3 Canonical, Openstack, Redhat | 4 Ubuntu Linux, Keystonemiddleware, Python-keystoneclient and 1 more | 2024-11-21 | N/A |
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. | ||||
CVE-2015-1841 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization | 2024-11-21 | N/A |
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. | ||||
CVE-2015-1822 | 3 Debian, Redhat, Tuxfamily | 3 Debian Linux, Enterprise Linux, Chrony | 2024-11-21 | N/A |
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests. | ||||
CVE-2015-1805 | 3 Google, Linux, Redhat | 8 Android, Linux Kernel, Enterprise Linux and 5 more | 2024-11-21 | N/A |
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." | ||||
CVE-2015-1799 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-11-21 | N/A |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | ||||
CVE-2015-1798 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-11-21 | N/A |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. | ||||
CVE-2015-1728 | 1 Microsoft | 1 Windows Media Player | 2024-11-21 | N/A |
Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." | ||||
CVE-2015-1465 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A |
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. | ||||
CVE-2015-1463 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2024-11-21 | N/A |
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." | ||||
CVE-2015-1452 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages. | ||||
CVE-2015-1361 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. | ||||
CVE-2015-1334 | 1 Linuxcontainers | 1 Lxc | 2024-11-21 | N/A |
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. | ||||
CVE-2015-1288 | 4 Debian, Google, Opensuse and 1 more | 8 Debian Linux, Chrome, Opensuse and 5 more | 2024-11-21 | N/A |
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. | ||||
CVE-2015-1287 | 4 Debian, Google, Opensuse and 1 more | 8 Debian Linux, Chrome, Opensuse and 5 more | 2024-11-21 | N/A |
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. | ||||
CVE-2015-1263 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2024-11-21 | N/A |
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. | ||||
CVE-2015-1262 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2024-11-21 | N/A |
platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. | ||||
CVE-2015-1259 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2024-11-21 | N/A |
PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |