Search Results (4189 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5213 5 Apache, Canonical, Debian and 2 more 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
CVE-2015-5252 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 7.2 High
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
CVE-2015-5198 2 Canonical, Libvdpau Project 2 Ubuntu Linux, Libvdpau 2025-04-12 N/A
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
CVE-2015-5199 2 Canonical, Libvdpau Project 2 Ubuntu Linux, Libvdpau 2025-04-12 N/A
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
CVE-2015-5200 2 Canonical, Libvdpau Project 2 Ubuntu Linux, Libvdpau 2025-04-12 N/A
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
CVE-2015-5260 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more 2025-04-12 N/A
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
CVE-2015-5143 5 Canonical, Debian, Djangoproject and 2 more 5 Ubuntu Linux, Debian Linux, Django and 2 more 2025-04-12 N/A
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
CVE-2015-4913 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
CVE-2015-5144 4 Canonical, Debian, Djangoproject and 1 more 4 Ubuntu Linux, Debian Linux, Django and 1 more 2025-04-12 N/A
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
CVE-2015-4879 6 Canonical, Debian, Fedoraproject and 3 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
CVE-2015-4895 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-5174 4 Apache, Canonical, Debian and 1 more 6 Tomcat, Ubuntu Linux, Debian Linux and 3 more 2025-04-12 N/A
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
CVE-2015-4864 4 Canonical, Mariadb, Oracle and 1 more 12 Ubuntu Linux, Mariadb, Mysql and 9 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
CVE-2015-4866 4 Canonical, Mariadb, Oracle and 1 more 4 Ubuntu Linux, Mariadb, Mysql and 1 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-4861 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-4870 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
CVE-2015-5261 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more 2025-04-12 N/A
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
CVE-2015-4819 6 Canonical, Debian, Fedoraproject and 3 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
CVE-2015-4826 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
CVE-2015-4815 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.