Lucene search

K
DebianDebian Linux

24 matches found

CVE
CVE
added 2015/11/18 4:59 p.m.321 views

CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

2.6CVSS6.6AI score0.01311EPSS
CVE
CVE
added 2015/11/16 11:59 a.m.224 views

CVE-2015-8104

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

10CVSS5.3AI score0.00346EPSS
CVE
CVE
added 2015/11/13 3:59 a.m.193 views

CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly ha...

7.5CVSS7.9AI score0.04755EPSS
CVE
CVE
added 2015/11/24 8:59 p.m.156 views

CVE-2015-7981

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

5CVSS7.9AI score0.00786EPSS
CVE
CVE
added 2015/11/16 11:59 a.m.152 views

CVE-2015-5307

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

4.9CVSS6.1AI score0.00169EPSS
CVE
CVE
added 2015/11/16 11:59 a.m.123 views

CVE-2015-2925

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

6.9CVSS5.8AI score0.00958EPSS
CVE
CVE
added 2015/11/18 4:59 p.m.119 views

CVE-2015-7942

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than...

6.8CVSS6.6AI score0.01453EPSS
CVE
CVE
added 2015/11/10 5:59 p.m.118 views

CVE-2015-5212

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

6.8CVSS8.1AI score0.44545EPSS
CVE
CVE
added 2015/11/06 6:59 p.m.114 views

CVE-2015-7696

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.

6.8CVSS6.6AI score0.31454EPSS
CVE
CVE
added 2015/11/06 6:59 p.m.111 views

CVE-2015-7697

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

4.3CVSS5.1AI score0.30283EPSS
CVE
CVE
added 2015/11/02 7:59 p.m.106 views

CVE-2015-6031

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.

6.8CVSS7.8AI score0.02622EPSS
CVE
CVE
added 2015/11/10 5:59 p.m.105 views

CVE-2015-4551

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from loca...

4.3CVSS7AI score0.07995EPSS
CVE
CVE
added 2015/11/10 5:59 p.m.100 views

CVE-2015-5214

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.

6.8CVSS7.8AI score0.29516EPSS
CVE
CVE
added 2015/11/06 9:59 p.m.99 views

CVE-2015-6855

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a d...

7.5CVSS7.4AI score0.04251EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.95 views

CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

4CVSS6.9AI score0.05447EPSS
CVE
CVE
added 2015/11/10 5:59 p.m.95 views

CVE-2015-5213

Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.

6.8CVSS8.3AI score0.07579EPSS
CVE
CVE
added 2015/11/16 11:59 a.m.83 views

CVE-2015-7312

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to ...

4.4CVSS5.8AI score0.00039EPSS
CVE
CVE
added 2015/11/09 4:59 p.m.81 views

CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.

5CVSS7.2AI score0.03583EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.79 views

CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

7.1CVSS7AI score0.10768EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.76 views

CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

5CVSS7AI score0.04048EPSS
CVE
CVE
added 2015/11/02 7:59 p.m.64 views

CVE-2015-8036

Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly han...

6.8CVSS8AI score0.01704EPSS
CVE
CVE
added 2015/11/19 8:59 p.m.63 views

CVE-2015-7984

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd param...

6.8CVSS6.6AI score0.01484EPSS
CVE
CVE
added 2015/11/02 7:59 p.m.62 views

CVE-2015-5291

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) ex...

6.8CVSS8.4AI score0.01704EPSS
CVE
CVE
added 2015/11/06 9:59 p.m.62 views

CVE-2015-7762

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

5CVSS6AI score0.00472EPSS