Ubuntu Linux@15.10 Security Vulnerabilities and Issues — Ubuntu Linux@15.10 CVE List

Lucene search

CanonicalUbuntu Linux15.10

23 matches found

CVE•added 2017/11/06 5:29 p.m.•258 views

CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

7.8CVSS7.1AI score0.00058EPSS

CVE•added 2017/07/21 2:29 p.m.•213 views

CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherw...

7.5CVSS7.6AI score0.17786EPSS

CVE•added 2017/07/21 2:29 p.m.•169 views

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5CVSS7.1AI score0.0364EPSS

CVE•added 2017/07/21 2:29 p.m.•160 views

CVE-2015-5195

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5CVSS7.2AI score0.10401EPSS

CVE•added 2017/07/21 2:29 p.m.•154 views

CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

7.5CVSS7.1AI score0.11834EPSS

CVE•added 2017/04/13 5:59 p.m.•95 views

CVE-2015-8567

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

7.7CVSS7.7AI score0.04759EPSS

CVE•added 2017/01/06 9:59 p.m.•88 views

CVE-2016-2376

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet wh...

8.1CVSS8.2AI score0.05406EPSS

CVE•added 2017/01/06 9:59 p.m.•79 views

CVE-2016-2365

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...

5.9CVSS6.2AI score0.01961EPSS

CVE•added 2017/01/06 9:59 p.m.•79 views

CVE-2016-2368

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.

8.1CVSS8.4AI score0.01712EPSS

CVE•added 2017/01/06 9:59 p.m.•76 views

CVE-2016-2366

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vuln...

5.9CVSS6.2AI score0.01448EPSS

CVE•added 2017/01/06 9:59 p.m.•75 views

CVE-2016-2372

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an ou...

5.9CVSS6.1AI score0.0154EPSS

CVE•added 2017/01/06 9:59 p.m.•74 views

CVE-2016-2369

A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.

5.9CVSS6.2AI score0.03136EPSS

CVE•added 2017/01/06 9:59 p.m.•74 views

CVE-2016-2375

An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.

5.3CVSS5.9AI score0.00473EPSS

CVE•added 2017/01/06 9:59 p.m.•73 views

CVE-2016-2377

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vu...

8.1CVSS8AI score0.0125EPSS

CVE•added 2017/01/06 9:59 p.m.•72 views

CVE-2016-2378

A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length value...

8.1CVSS7.9AI score0.0125EPSS

CVE•added 2017/01/06 9:59 p.m.•70 views

CVE-2016-2380

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potentia...

4.3CVSS5.1AI score0.00848EPSS

CVE•added 2017/01/06 9:59 p.m.•68 views

CVE-2016-2367

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds rea...

5.9CVSS6.1AI score0.01445EPSS

CVE•added 2017/01/06 9:59 p.m.•65 views

CVE-2016-2373

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.

5.9CVSS6.2AI score0.01448EPSS

CVE•added 2017/01/06 9:59 p.m.•63 views

CVE-2016-2371

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.

8.1CVSS8.2AI score0.0275EPSS

CVE•added 2017/01/06 9:59 p.m.•62 views

CVE-2016-2370

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.

5.9CVSS6.2AI score0.01915EPSS

CVE•added 2017/01/06 9:59 p.m.•62 views

CVE-2016-2374

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.

8.1CVSS8.2AI score0.01157EPSS

CVE•added 2017/01/06 9:59 p.m.•62 views

CVE-2016-4323

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image trigge...

5.8CVSS5.5AI score0.03423EPSS

CVE•added 2017/07/25 6:29 p.m.•55 views

CVE-2015-1332

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.

8.8CVSS8.7AI score0.01138EPSS