Lucene search
9137 matches found

OSV
added 2015/03/16 10:59 a.m., 8 views

CVE-2014-8159

The InfiniBand IB implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux RHEL 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a...

5.9 AI score
Exploits: 0, References: 34
CVE
added 2015/03/16 10:00 a.m., 99 views

CVE-2014-8172

CVE-2014-8172 affects the Linux kernel prior to 3.13, where files list handling uses an inappropriate locking approach around Asynchronous I/O (AIO). This local-denial-of-service flaw can cause soft lockups or a system crash. The available documentation confirms the vulnerability and its local at...

4.9 CVSS, 5.2 AI score, 0.0038 EPSS
Exploits: 0, References: 6, Affected Software: 1
UbuntuCve
added 2015/03/16 12:00 a.m., 17 views

CVE-2015-0274

The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service transaction overrun and data corruption or possibly gain privileges by leveraging XFS filesystem access...

7.2 CVSS, 6.5 AI score, 0.00439 EPSS
Exploits: 0, References: 4
Fedora
added 2015/03/15 10:52 a.m., 27 views

[SECURITY] Fedora 22 Update: libssh2-1.5.0-1.fc22

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...

6.8 CVSS, 2.3 AI score, 0.03501 EPSS
Exploits: 0
Fedora
added 2015/03/13 4:59 p.m., 30 views

[SECURITY] Fedora 22 Update: jBCrypt-0.4-1.fc22

A Java implementation of OpenBSD's Blowfish password hashing code...

5 CVSS, 2 AI score, 0.04803 EPSS
Exploits: 0
Prion
added 2015/03/13 1:59 a.m., 11 views

Session fixation

The Session Description Protocol SDP implementation in Cisco TelePresence Video Communication Server VCS and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service mishandled exception and device reload via a crafted media...

7.8 CVSS, 7 AI score, 0.01895 EPSS
Exploits: 0, References: 2, Affected Software: 3
Prion
added 2015/03/13 1:59 a.m., 15 views

Race condition

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System IPS Software before 7.33E4 allows remote attackers to cause a denial of service process hang by establishing many HTTPS sessions, aka Bug ID CSCuq40652...

7.1 CVSS, 7.1 AI score, 0.01264 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2015/03/12 3:30 p.m., 3 views

MGASA-2015-0106 Updated libarchive packages fix security vulnerability

Updated libarchive packages fix security vulnerability: Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths...

7.2 AI score
Exploits: 0, References: 4
Prion
added 2015/03/11 10:59 a.m., 22 views

Design/Logic Flaw

The Remote Desktop Protocol RDP implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service memory consumption and RDP outage by establishing many RDP sessions that do not properly free allocated memor...

7.8 CVSS, 7 AI score, 0.16163 EPSS
Exploits: 0, References: 2, Affected Software: 2
Ubuntu
added 2015/03/10 6:22 p.m., 83 views

USN-2522-3: ICU vulnerabilities

USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have now been updated to fix the regression. We apologize for the inconvenience. Original advisory details: It was discovered that ICU incorrectly handled...

10 CVSS, 7.6 AI score, 0.22753 EPSS
Exploits: 5
OSV
added 2015/03/10 3:28 p.m., 21 views

USN-2521-1 oxide-qt vulnerabilities

Several out-of-bounds write bugs were discovered in Skia. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program...

7.5 CVSS, 7.7 AI score, 0.02565 EPSS
Exploits: 0, References: 19
NVD
added 2015/03/09 12:59 a.m., 20 views

CVE-2015-1223

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

7.5 CVSS, 7.4 AI score, 0.01851 EPSS
Exploits: 0, References: 7
NVD
added 2015/03/09 12:59 a.m., 18 views

CVE-2015-1218

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents,...

7.5 CVSS, 7.4 AI score, 0.01382 EPSS
Exploits: 0, References: 7
NVD
added 2015/03/09 12:59 a.m., 16 views

CVE-2015-1215

The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation...

7.5 CVSS, 7.2 AI score, 0.01701 EPSS
Exploits: 0, References: 6
Prion
added 2015/03/09 12:59 a.m., 14 views

Design/Logic Flaw

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents,...

7.5 CVSS, 7.9 AI score, 0.01382 EPSS
Exploits: 0, References: 7, Affected Software: 6
Prion
added 2015/03/09 12:59 a.m., 24 views

Input validation

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

7.5 CVSS, 8 AI score, 0.01851 EPSS
Exploits: 0, References: 7, Affected Software: 1
CVE
added 2015/03/09 12:00 a.m., 69 views

CVE-2015-1218

CVE-2015-1218 affects Google Chrome up to version 41.0.2272.76 (Blink DOM) and is caused by use-after-free in the DOM when moving a SCRIPT element between documents, related to HTMLScriptElement::didMoveToNewDocument and SVGScriptElement::didMoveToNewDocument. The vulnerability can lead to denial...

7.5 CVSS, 6.9 AI score, 0.01382 EPSS
Exploits: 0, References: 7, Affected Software: 1
Debian CVE
added 2015/03/09 12:00 a.m., 32 views

CVE-2015-1223

Removed by vendor...

7.5 CVSS, 9.4 AI score, 0.01851 EPSS
Exploits: 0
Debian CVE
added 2015/03/09 12:00 a.m., 22 views

CVE-2015-1218

Removed by vendor...

7.5 CVSS, 9.4 AI score, 0.01382 EPSS
Exploits: 0
UbuntuCve
added 2015/03/08 12:00 a.m., 30 views

CVE-2015-1223

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

7.5 CVSS, 7.3 AI score, 0.01851 EPSS
Exploits: 0, References: 5