17 matches found

CVE | added 2015/05/21 12:59 a.m. | 1135 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

CVSS 4.3 | AI score 4.8 | EPSS 0.93905

CVE | added 2015/05/27 10:59 a.m. | 151 views

CVE-2015-3331

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibl...

CVSS 9.3 | AI score 6.6 | EPSS 0.03564

CVE | added 2015/05/27 10:59 a.m. | 128 views

CVE-2015-2830

arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrat...

CVSS 1.9 | AI score 4.8 | EPSS 0.00032

CVE | added 2015/05/01 3:59 p.m. | 112 views

CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

CVSS 5 | AI score 8.2 | EPSS 0.04909

CVE | added 2015/05/28 2:59 p.m. | 112 views

CVE-2015-3165

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session...

CVSS 4.3 | AI score 9.1 | EPSS 0.07299

CVE | added 2015/05/12 7:59 p.m. | 109 views

CVE-2015-3451

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

CVSS 5 | AI score 6.4 | EPSS 0.03365

CVE | added 2015/05/01 10:59 a.m. | 89 views

CVE-2015-1243

Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering ...

CVSS 7.5 | AI score 7 | EPSS 0.01756

CVE | added 2015/05/19 6:59 p.m. | 75 views

CVE-2015-3409

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

CVSS 7.2 | AI score 7.3 | EPSS 0.00058

CVE | added 2015/05/29 3:59 p.m. | 72 views

CVE-2015-4047

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

CVSS 7.8 | AI score 6.3 | EPSS 0.03587

CVE | added 2015/05/12 7:59 p.m. | 69 views

CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVSS 5 | AI score 6.1 | EPSS 0.01553

CVE | added 2015/05/12 7:59 p.m. | 67 views

CVE-2015-2221

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

CVSS 5 | AI score 6.2 | EPSS 0.0178

CVE | added 2015/05/01 10:59 a.m. | 66 views

CVE-2015-1250

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS 7.5 | AI score 6.8 | EPSS 0.01097

CVE | added 2015/05/29 3:59 p.m. | 62 views

CVE-2015-0847

nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.

CVSS 7.8 | AI score 6.4 | EPSS 0.02554

CVE | added 2015/05/12 7:59 p.m. | 62 views

CVE-2015-2668

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

CVSS 5 | AI score 6.2 | EPSS 0.01553

CVE | added 2015/05/19 6:59 p.m. | 62 views

CVE-2015-3408

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

CVSS 10 | AI score 7.6 | EPSS 0.04873

CVE | added 2015/05/12 7:59 p.m. | 60 views

CVE-2015-2222

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

CVSS 5 | AI score 6.2 | EPSS 0.01553

CVE | added 2015/05/19 6:59 p.m. | 52 views

CVE-2015-3407

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.

CVSS 5 | AI score 7.3 | EPSS 0.00415