Search Results (4205 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3451 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 N/A
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
CVE-2015-5213 5 Apache, Canonical, Debian and 2 more 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
CVE-2016-1577 3 Canonical, Jasper Project, Redhat 3 Ubuntu Linux, Jasper, Enterprise Linux 2025-04-12 N/A
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
CVE-2016-1580 1 Canonical 2 Ubuntu-core-launcher, Ubuntu Linux 2025-04-12 N/A
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
CVE-2015-5964 4 Canonical, Djangoproject, Oracle and 1 more 4 Ubuntu Linux, Django, Solaris and 1 more 2025-04-12 N/A
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
CVE-2015-5247 2 Canonical, Redhat 2 Ubuntu Linux, Libvirt 2025-04-12 N/A
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
CVE-2015-3416 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Watchos, Ubuntu Linux and 4 more 2025-04-12 N/A
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
CVE-2015-5260 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more 2025-04-12 N/A
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
CVE-2015-3415 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Watchos, Ubuntu Linux and 4 more 2025-04-12 N/A
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
CVE-2015-5262 3 Apache, Canonical, Fedoraproject 3 Httpclient, Ubuntu Linux, Fedora 2025-04-12 N/A
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
CVE-2016-1575 2 Canonical, Linux 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more 2025-04-12 7.8 High
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
CVE-2015-3414 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Watchos, Ubuntu Linux and 4 more 2025-04-12 N/A
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
CVE-2015-3409 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
CVE-2015-5296 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 5.4 Medium
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
CVE-2016-1576 2 Canonical, Linux 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more 2025-04-12 7.8 High
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
CVE-2016-1581 1 Canonical 2 Lxd, Ubuntu Linux 2025-04-12 N/A
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
CVE-2015-5307 6 Canonical, Debian, Linux and 3 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 N/A
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
CVE-2015-5312 6 Apple, Canonical, Debian and 3 more 15 Iphone Os, Mac Os X, Tvos and 12 more 2025-04-12 N/A
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
CVE-2015-3408 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
CVE-2015-3407 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.