CVE List 2015

CVE Score Severity Package Description Published
CVE-2015-9253
6.5 MV Product/Version
affected:
CGE 7.0
Normal php An issue was discovered in PHP through 7.2.2. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. February 19, 2018, 13:02 pm
CVE-2015-9096
6.1 MV Product/Version
affected:
CGE 7.0
CGX 2.0
CGX 2.2
Normal ruby Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. June 12, 2017, 15:06 pm
CVE-2015-9019
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxslt In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. April 5, 2017, 16:04 pm
CVE-2015-9004
7.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. May 2, 2017, 16:05 pm
CVE-2015-8985
5.9 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. March 20, 2017, 11:03 am
CVE-2015-8984
2.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. March 20, 2017, 11:03 am
CVE-2015-8983
4.4 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. March 20, 2017, 11:03 am
CVE-2015-8982
3.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. March 15, 2017, 14:03 pm
CVE-2015-8970
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. November 27, 2016, 21:11 pm
CVE-2015-8967
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. December 8, 2016, 15:12 pm
CVE-2015-8966
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. December 8, 2016, 15:12 pm
CVE-2015-8964
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. November 15, 2016, 23:11 pm
CVE-2015-8963
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. November 15, 2016, 23:11 pm
CVE-2015-8962
7.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. November 15, 2016, 23:11 pm
CVE-2015-8961
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. November 15, 2016, 23:11 pm
CVE-2015-8956
3.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. October 10, 2016, 05:10 am
CVE-2015-8955
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. October 10, 2016, 05:10 am
CVE-2015-8953
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer. October 16, 2016, 16:10 pm
CVE-2015-8952
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. October 16, 2016, 16:10 pm
CVE-2015-8950
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. October 10, 2016, 05:10 am
CVE-2015-8948
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libidn idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. September 7, 2016, 15:09 pm
CVE-2015-8947
7.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious harfbuzz hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. July 19, 2016, 05:07 am
CVE-2015-8944
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. August 6, 2016, 05:08 am
CVE-2015-8935
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function. August 7, 2016, 05:08 am
CVE-2015-8934
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. September 20, 2016, 09:09 am
CVE-2015-8933
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. September 20, 2016, 09:09 am
CVE-2015-8932
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. September 20, 2016, 09:09 am
CVE-2015-8931
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. September 20, 2016, 09:09 am
CVE-2015-8930
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. September 20, 2016, 09:09 am
CVE-2015-8929
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. September 20, 2016, 09:09 am
CVE-2015-8928
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. September 20, 2016, 09:09 am
CVE-2015-8927
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. September 20, 2016, 09:09 am
CVE-2015-8926
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. September 20, 2016, 09:09 am
CVE-2015-8925
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. September 20, 2016, 09:09 am
CVE-2015-8924
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. September 20, 2016, 09:09 am
CVE-2015-8923
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. September 20, 2016, 09:09 am
CVE-2015-8922
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. September 20, 2016, 09:09 am
CVE-2015-8921
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. September 20, 2016, 09:09 am
CVE-2015-8920
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. September 20, 2016, 09:09 am
CVE-2015-8919
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. September 20, 2016, 09:09 am
CVE-2015-8918
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab file, related to "overlapping memcpy." September 20, 2016, 09:09 am
CVE-2015-8917
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. September 20, 2016, 09:09 am
CVE-2015-8916
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libarchive bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. September 20, 2016, 09:09 am
CVE-2015-8915
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libarchive bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via a crafted cpio file. September 20, 2016, 09:09 am
CVE-2015-8899
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious dnsmasq Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. June 30, 2016, 12:06 pm
CVE-2015-8880
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. May 21, 2016, 20:05 pm
CVE-2015-8879
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table. May 21, 2016, 20:05 pm
CVE-2015-8878
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. May 21, 2016, 20:05 pm
CVE-2015-8877
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. May 21, 2016, 20:05 pm
CVE-2015-8876
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. May 21, 2016, 20:05 pm
CVE-2015-8875
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gdk-pixbuf Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. June 1, 2016, 17:06 pm
CVE-2015-8874
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. May 16, 2016, 05:05 am
CVE-2015-8873
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. May 16, 2016, 05:05 am
CVE-2015-8872
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
dosfstools The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." June 3, 2016, 09:06 am
CVE-2015-8867
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. May 21, 2016, 20:05 pm
CVE-2015-8866
9.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. May 21, 2016, 20:05 pm
CVE-2015-8865
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. May 20, 2016, 05:05 am
CVE-2015-8853
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
perl The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." May 25, 2016, 10:05 am
CVE-2015-8845
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. April 27, 2016, 12:04 pm
CVE-2015-8844
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. April 27, 2016, 12:04 pm
CVE-2015-8842
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
systemd tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. April 20, 2016, 11:04 am
CVE-2015-8838
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. May 16, 2016, 05:05 am
CVE-2015-8835
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c. May 16, 2016, 05:05 am
CVE-2015-8830
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. May 2, 2016, 05:05 am
CVE-2015-8818
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. December 29, 2016, 16:12 pm
CVE-2015-8816
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. April 27, 2016, 12:04 pm
CVE-2015-8812
10.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. April 27, 2016, 12:04 pm
CVE-2015-8806
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. April 13, 2016, 12:04 pm
CVE-2015-8805
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nettle The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. February 23, 2016, 13:02 pm
CVE-2015-8804
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nettle x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. February 23, 2016, 13:02 pm
CVE-2015-8803
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nettle The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. February 23, 2016, 13:02 pm
CVE-2015-8787
10.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604. February 7, 2016, 21:02 pm
CVE-2015-8786
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal rabbitmq The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter. December 9, 2016, 14:12 pm
CVE-2015-8785
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. February 7, 2016, 21:02 pm
CVE-2015-8784
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. April 13, 2016, 12:04 pm
CVE-2015-8783
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. February 1, 2016, 15:02 pm
CVE-2015-8782
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. February 1, 2016, 15:02 pm
CVE-2015-8781
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. February 1, 2016, 15:02 pm
CVE-2015-8779
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. April 19, 2016, 16:04 pm
CVE-2015-8778
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. April 19, 2016, 16:04 pm
CVE-2015-8777
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. January 19, 2016, 23:01 pm
CVE-2015-8776
6.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. April 19, 2016, 16:04 pm
CVE-2015-8767
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. February 7, 2016, 21:02 pm
CVE-2015-8750
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. February 13, 2017, 12:02 pm
CVE-2015-8746
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. May 2, 2016, 05:05 am
CVE-2015-8745
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2015-8744
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2015-8742
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8741
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8740
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8739
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8738
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8737
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8736
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8735
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8734
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8733
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8732
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8731
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8730
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8728
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8727
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8726
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8725
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8724
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8723
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8722
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8721
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. January 3, 2016, 23:01 pm
CVE-2015-8720
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
which The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8719
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8718
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8717
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8716
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8715
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8714
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8713
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8712
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8711
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8710
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. April 11, 2016, 16:04 pm
CVE-2015-8709
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel ** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here." February 7, 2016, 21:02 pm
CVE-2015-8705
6.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. January 20, 2016, 09:01 am
CVE-2015-8704
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. January 20, 2016, 09:01 am
CVE-2015-8683
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. April 13, 2016, 12:04 pm
CVE-2015-8669
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. December 26, 2015, 16:12 pm
CVE-2015-8666
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. April 11, 2017, 14:04 pm
CVE-2015-8665
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. April 13, 2016, 12:04 pm
CVE-2015-8660
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. December 28, 2015, 05:12 am
CVE-2015-8619
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). April 13, 2017, 12:04 pm
CVE-2015-8618
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
golang The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. January 27, 2016, 14:01 pm
CVE-2015-8617
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. January 18, 2016, 23:01 pm
CVE-2015-8616
8.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. January 18, 2016, 23:01 pm
CVE-2015-8613
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. April 11, 2017, 14:04 pm
CVE-2015-8608
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical perl The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. February 7, 2017, 09:02 am
CVE-2015-8607
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
perl The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. January 13, 2016, 09:01 am
CVE-2015-8605
5.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
dhcp ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. January 14, 2016, 16:01 pm
CVE-2015-8575
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. February 7, 2016, 21:02 pm
CVE-2015-8569
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. December 28, 2015, 05:12 am
CVE-2015-8568
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Memory leak in QEMU, when built with VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. April 11, 2017, 14:04 pm
CVE-2015-8567
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). April 13, 2017, 12:04 pm
CVE-2015-8560
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
cups-filters Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. April 14, 2016, 09:04 am
CVE-2015-8558
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. May 23, 2016, 14:05 pm
CVE-2015-8556
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. March 24, 2017, 09:03 am
CVE-2015-8551
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." April 13, 2016, 10:04 am
CVE-2015-8543
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. December 28, 2015, 05:12 am
CVE-2015-8540
9.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libpng Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. April 14, 2016, 09:04 am
CVE-2015-8539
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. February 7, 2016, 21:02 pm
CVE-2015-8538
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). June 7, 2017, 15:06 pm
CVE-2015-8504
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
QEMU, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. April 11, 2017, 14:04 pm
CVE-2015-8472
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libpng Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. January 21, 2016, 09:01 am
CVE-2015-8467
6.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. December 29, 2015, 16:12 pm
CVE-2015-8461
7.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. December 16, 2015, 09:12 am
CVE-2015-8395
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. December 1, 2015, 19:12 pm
CVE-2015-8394
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8393
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium pcre pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. December 1, 2015, 19:12 pm
CVE-2015-8392
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. December 1, 2015, 19:12 pm
CVE-2015-8391
9.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8390
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles the [: and \ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8389
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8388
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8387
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8386
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8383
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8382
6.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium pcre The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. December 1, 2015, 19:12 pm
CVE-2015-8380
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a 1 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8374
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. December 28, 2015, 05:12 am
CVE-2015-8370
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium grub2 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. December 16, 2015, 15:12 pm
CVE-2015-8345
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. April 13, 2017, 12:04 pm
CVE-2015-8327
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High cups-filters Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. December 17, 2015, 13:12 pm
CVE-2015-8325
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. April 30, 2016, 20:04 pm
CVE-2015-8324
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. May 2, 2016, 05:05 am
CVE-2015-8317
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. December 15, 2015, 15:12 pm
CVE-2015-8242
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. December 15, 2015, 15:12 pm
CVE-2015-8241
6.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. December 15, 2015, 15:12 pm
CVE-2015-8239
6.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
sudo The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. October 10, 2017, 11:10 am
CVE-2015-8215
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. November 16, 2015, 15:11 pm
CVE-2015-8158
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. January 30, 2017, 15:01 pm
CVE-2015-8140
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. January 30, 2017, 15:01 pm
CVE-2015-8139
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. January 30, 2017, 15:01 pm
CVE-2015-8138
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. January 30, 2017, 15:01 pm
CVE-2015-8126
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libpng Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. November 12, 2015, 21:11 pm
CVE-2015-8104
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium vm_virtualbox The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. November 16, 2015, 05:11 am
CVE-2015-8100
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low net-snmp The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. November 9, 2015, 21:11 pm
CVE-2015-8080
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious redis Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. April 13, 2016, 10:04 am
CVE-2015-8041
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium hostapd Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. November 9, 2015, 10:11 am
CVE-2015-8035
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libxml2 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. November 18, 2015, 10:11 am
CVE-2015-8023
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal strongswan The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. November 18, 2015, 10:11 am
CVE-2015-8019
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. May 2, 2016, 05:05 am
CVE-2015-8000
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium bind db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. December 16, 2015, 09:12 am
CVE-2015-7995
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxslt The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. November 17, 2015, 09:11 am
CVE-2015-7990
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. December 28, 2015, 05:12 am
CVE-2015-7981
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libpng The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. November 24, 2015, 14:11 pm
CVE-2015-7979
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. January 30, 2017, 15:01 pm
CVE-2015-7978
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. January 30, 2017, 15:01 pm
CVE-2015-7977
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. January 30, 2017, 15:01 pm
CVE-2015-7976
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. January 30, 2017, 15:01 pm
CVE-2015-7975
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). January 30, 2017, 15:01 pm
CVE-2015-7974
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." January 26, 2016, 13:01 pm
CVE-2015-7973
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. January 30, 2017, 15:01 pm
CVE-2015-7942
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. November 18, 2015, 10:11 am
CVE-2015-7941
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. November 18, 2015, 10:11 am
CVE-2015-7885
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. December 28, 2015, 05:12 am
CVE-2015-7884
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. December 28, 2015, 05:12 am
CVE-2015-7873
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. October 28, 2015, 05:10 am
CVE-2015-7872
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. November 16, 2015, 05:11 am
CVE-2015-7871
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allow remote attackers to bypass authentication. August 7, 2017, 15:08 pm
CVE-2015-7855
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a mode 6 or mode 7 packet containing a long data value. August 7, 2017, 15:08 pm
CVE-2015-7854
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. August 7, 2017, 15:08 pm
CVE-2015-7853
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. August 7, 2017, 15:08 pm
CVE-2015-7852
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. August 7, 2017, 15:08 pm
CVE-2015-7851
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 27, 2016, 05:06 am
CVE-2015-7850
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. August 7, 2017, 15:08 pm
CVE-2015-7849
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. August 7, 2017, 15:08 pm
CVE-2015-7848
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. January 6, 2017, 15:01 pm
CVE-2015-7837
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. September 19, 2017, 11:09 am
CVE-2015-7830
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. November 14, 2015, 21:11 pm
CVE-2015-7805
9.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libsndfile Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. November 17, 2015, 09:11 am
CVE-2015-7804
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. December 11, 2015, 06:12 am
CVE-2015-7803
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. December 11, 2015, 06:12 am
CVE-2015-7799
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. October 19, 2015, 05:10 am
CVE-2015-7747
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. October 30, 2015, 15:10 pm
CVE-2015-7705
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. August 7, 2017, 15:08 pm
CVE-2015-7704
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. August 7, 2017, 15:08 pm
CVE-2015-7703
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allow remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password, to write to arbitrary files via the :config command. July 24, 2017, 09:07 am
CVE-2015-7702
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. August 7, 2017, 15:08 pm
CVE-2015-7701
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). August 7, 2017, 15:08 pm
CVE-2015-7697
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium unzip Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. November 6, 2015, 12:11 pm
CVE-2015-7696
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium unzip Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. November 6, 2015, 12:11 pm
CVE-2015-7692
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. August 7, 2017, 15:08 pm
CVE-2015-7691
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. August 7, 2017, 15:08 pm
CVE-2015-7683
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal font Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php. October 16, 2015, 15:10 pm
CVE-2015-7674
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gdk-pixbuf Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. October 26, 2015, 12:10 pm
CVE-2015-7673
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gdk-pixbuf io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. October 26, 2015, 12:10 pm
CVE-2015-7665
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tails Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE. December 27, 2015, 13:12 pm
CVE-2015-7613
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. October 19, 2015, 05:10 am
CVE-2015-7575
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. January 8, 2016, 20:01 pm
CVE-2015-7566
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. February 7, 2016, 21:02 pm
CVE-2015-7560
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. March 13, 2016, 17:03 pm
CVE-2015-7558
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
librsvg librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. May 20, 2016, 09:05 am
CVE-2015-7557
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
librsvg The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. May 20, 2016, 09:05 am
CVE-2015-7555
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal giflib Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. April 13, 2016, 10:04 am
CVE-2015-7554
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. January 8, 2016, 13:01 pm
CVE-2015-7551
8.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ruby The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. March 23, 2016, 20:03 pm
CVE-2015-7550
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. February 7, 2016, 21:02 pm
CVE-2015-7549
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. October 30, 2017, 09:10 am
CVE-2015-7547
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
big-ip_access_policy_manager Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. February 18, 2016, 15:02 pm
CVE-2015-7545
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
git The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. April 13, 2016, 10:04 am
CVE-2015-7540
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. December 29, 2015, 16:12 pm
CVE-2015-7515
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints. April 27, 2016, 12:04 pm
CVE-2015-7513
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. February 7, 2016, 21:02 pm
CVE-2015-7512
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. January 8, 2016, 15:01 pm
CVE-2015-7511
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libgcrypt Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. April 19, 2016, 16:04 pm
CVE-2015-7510
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical systemd Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. September 25, 2017, 16:09 pm
CVE-2015-7509
4.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. December 28, 2015, 05:12 am
CVE-2015-7504
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. October 16, 2017, 15:10 pm
CVE-2015-7500
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. December 15, 2015, 15:12 pm
CVE-2015-7499
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. December 15, 2015, 15:12 pm
CVE-2015-7498
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. December 15, 2015, 15:12 pm
CVE-2015-7497
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml2 Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. December 15, 2015, 15:12 pm
CVE-2015-7313
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. March 17, 2017, 09:03 am
CVE-2015-7312
4.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. November 16, 2015, 05:11 am
CVE-2015-7298
5.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qt ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. October 26, 2015, 09:10 am
CVE-2015-7295
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium qemu hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. November 9, 2015, 10:11 am
CVE-2015-7236
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
solaris_operating_system Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. October 1, 2015, 15:10 pm
CVE-2015-7183
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High nspr Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. November 4, 2015, 23:11 pm
CVE-2015-7182
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. November 4, 2015, 23:11 pm
CVE-2015-7181
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High nss The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. November 4, 2015, 23:11 pm
CVE-2015-7082
10.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical git Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. December 11, 2015, 05:12 am
CVE-2015-6937
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. October 19, 2015, 05:10 am
CVE-2015-6908
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openldap The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. September 11, 2015, 11:09 am
CVE-2015-6855
10.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High qemu hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. November 6, 2015, 15:11 pm
CVE-2015-6838
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libxml2 php The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. May 16, 2016, 05:05 am
CVE-2015-6837
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. May 16, 2016, 05:05 am
CVE-2015-6836
7.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function. January 18, 2016, 23:01 pm
CVE-2015-6835
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. May 16, 2016, 05:05 am
CVE-2015-6834
5.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. May 16, 2016, 05:05 am
CVE-2015-6833
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. January 18, 2016, 23:01 pm
CVE-2015-6832
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. January 18, 2016, 23:01 pm
CVE-2015-6831
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. January 18, 2016, 23:01 pm
CVE-2015-6830
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. September 13, 2015, 20:09 pm
CVE-2015-6607
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal sqlite SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. October 6, 2015, 12:10 pm
CVE-2015-6565
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssh sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. August 23, 2015, 20:08 pm
CVE-2015-6564
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssh Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. August 23, 2015, 20:08 pm
CVE-2015-6563
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low openssh The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. August 23, 2015, 20:08 pm
CVE-2015-6527
7.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function. January 18, 2016, 23:01 pm
CVE-2015-6526
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace. August 31, 2015, 15:08 pm
CVE-2015-6525
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libevent Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) evbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. August 24, 2015, 09:08 am
CVE-2015-6496
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal conntrack-tools conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. August 24, 2015, 09:08 am
CVE-2015-6252
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. October 19, 2015, 05:10 am
CVE-2015-6251
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gnutls Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. August 24, 2015, 09:08 am
CVE-2015-6249
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6248
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6247
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6246
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6245
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6244
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6243
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. August 24, 2015, 18:08 pm
CVE-2015-6242
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6241
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-5986
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. September 4, 2015, 21:09 pm
CVE-2015-5895
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical sqlite Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. September 18, 2015, 07:09 am
CVE-2015-5745
3.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 28, 2017, 18:07 pm
CVE-2015-5740
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical go The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. October 18, 2017, 15:10 pm
CVE-2015-5739
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical go The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." October 18, 2017, 15:10 pm
CVE-2015-5738
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
software_development_kit The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. July 26, 2016, 12:07 pm
CVE-2015-5722
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. September 4, 2015, 21:09 pm
CVE-2015-5707
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. October 19, 2015, 05:10 am
CVE-2015-5706
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. August 31, 2015, 05:08 am
CVE-2015-5697
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. August 31, 2015, 05:08 am
CVE-2015-5652
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious python Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." October 5, 2015, 20:10 pm
CVE-2015-5621
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious net-snmp The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. August 19, 2015, 10:08 am
CVE-2015-5602
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious sudo sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." November 17, 2015, 09:11 am
CVE-2015-5600
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssh The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. August 2, 2015, 20:08 pm
CVE-2015-5590
7.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. January 18, 2016, 23:01 pm
CVE-2015-5589
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. May 16, 2016, 05:05 am
CVE-2015-5477
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. July 29, 2015, 09:07 am
CVE-2015-5400
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium squid Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. September 28, 2015, 15:09 pm
CVE-2015-5370
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. April 24, 2016, 19:04 pm
CVE-2015-5366
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. August 31, 2015, 05:08 am
CVE-2015-5364
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. August 31, 2015, 05:08 am
CVE-2015-5352
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssh The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. August 2, 2015, 20:08 pm
CVE-2015-5343
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious subversion Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. April 14, 2016, 09:04 am
CVE-2015-5330
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. December 29, 2015, 16:12 pm
CVE-2015-5327
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. September 25, 2017, 16:09 pm
CVE-2015-5316
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange. February 21, 2018, 10:02 am
CVE-2015-5315
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. February 21, 2018, 10:02 am
CVE-2015-5313
2.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libvirt Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. April 11, 2016, 16:04 pm
CVE-2015-5312
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libxml2 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. December 15, 2015, 15:12 pm
CVE-2015-5307
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium vm_virtualbox The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. November 16, 2015, 05:11 am
CVE-2015-5300
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). July 21, 2017, 09:07 am
CVE-2015-5299
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. December 29, 2015, 16:12 pm
CVE-2015-5296
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. December 29, 2015, 16:12 pm
CVE-2015-5292
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal sssd Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. October 29, 2015, 11:10 am
CVE-2015-5289
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal postgresql Multiple stack-based buffer overflows in JSON parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. October 26, 2015, 09:10 am
CVE-2015-5288
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal postgresql The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. October 26, 2015, 09:10 am
CVE-2015-5283
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. October 19, 2015, 05:10 am
CVE-2015-5279
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High qemu Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. September 28, 2015, 11:09 am
CVE-2015-5278
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. December 30, 2016, 08:12 am
CVE-2015-5277
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious glibc The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. December 17, 2015, 13:12 pm
CVE-2015-5276
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gcc The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. November 17, 2015, 09:11 am
CVE-2015-5259
8.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious subversion Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. January 8, 2016, 13:01 pm
CVE-2015-5257
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. November 16, 2015, 05:11 am
CVE-2015-5252
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. December 29, 2015, 16:12 pm
CVE-2015-5247
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libvirt The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. April 14, 2016, 10:04 am
CVE-2015-5229
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. April 8, 2016, 10:04 am
CVE-2015-5225
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High qemu Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. November 6, 2015, 15:11 pm
CVE-2015-5224
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical util-linux The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. August 23, 2017, 10:08 am
CVE-2015-5219
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ntp The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. July 21, 2017, 09:07 am
CVE-2015-5218
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low util-linux Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. November 9, 2015, 10:11 am
CVE-2015-5195
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ntp ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. July 21, 2017, 09:07 am
CVE-2015-5194
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ntp The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. July 21, 2017, 09:07 am
CVE-2015-5180
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious glibc res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). June 27, 2017, 15:06 pm
CVE-2015-5158
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qemu Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block. April 11, 2016, 20:04 pm
CVE-2015-5157
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. August 31, 2015, 05:08 am
CVE-2015-5156
6.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. October 19, 2015, 05:10 am
CVE-2015-5154
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious qemu Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. August 12, 2015, 09:08 am
CVE-2015-5146
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ntp ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. August 24, 2017, 15:08 pm
CVE-2015-5073
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. December 13, 2016, 10:12 am
CVE-2015-4913
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. October 21, 2015, 19:10 pm
CVE-2015-4910
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. October 21, 2015, 19:10 pm
CVE-2015-4905
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. October 21, 2015, 19:10 pm
CVE-2015-4904
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. October 21, 2015, 19:10 pm
CVE-2015-4895
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. October 21, 2015, 18:10 pm
CVE-2015-4890
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. October 21, 2015, 18:10 pm
CVE-2015-4879
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. October 21, 2015, 18:10 pm
CVE-2015-4870
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. October 21, 2015, 18:10 pm
CVE-2015-4866
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. October 21, 2015, 18:10 pm
CVE-2015-4864
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. October 21, 2015, 18:10 pm
CVE-2015-4862
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. October 21, 2015, 18:10 pm
CVE-2015-4861
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. October 21, 2015, 18:10 pm
CVE-2015-4858
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. October 21, 2015, 18:10 pm
CVE-2015-4836
2.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. October 21, 2015, 18:10 pm
CVE-2015-4833
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. October 21, 2015, 18:10 pm
CVE-2015-4830
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. October 21, 2015, 16:10 pm
CVE-2015-4826
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. October 21, 2015, 16:10 pm
CVE-2015-4819
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious mysql Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. October 21, 2015, 16:10 pm
CVE-2015-4816
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. October 21, 2015, 16:10 pm
CVE-2015-4815
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. October 21, 2015, 16:10 pm
CVE-2015-4807
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. October 21, 2015, 16:10 pm
CVE-2015-4802
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. October 21, 2015, 16:10 pm
CVE-2015-4800
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. October 21, 2015, 16:10 pm
CVE-2015-4792
1.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. October 21, 2015, 16:10 pm
CVE-2015-4791
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. October 21, 2015, 16:10 pm
CVE-2015-4772
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. July 16, 2015, 06:07 am
CVE-2015-4771
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR. July 16, 2015, 06:07 am
CVE-2015-4769
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767. July 16, 2015, 06:07 am
CVE-2015-4767
1.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769. July 16, 2015, 06:07 am
CVE-2015-4766
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. October 21, 2015, 16:10 pm
CVE-2015-4761
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. July 16, 2015, 06:07 am
CVE-2015-4757
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. July 16, 2015, 06:07 am
CVE-2015-4756
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439. July 16, 2015, 06:07 am
CVE-2015-4752
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. July 16, 2015, 06:07 am
CVE-2015-4737
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth. July 16, 2015, 06:07 am
CVE-2015-4730
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. October 21, 2015, 16:10 pm
CVE-2015-4700
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. August 31, 2015, 05:08 am
CVE-2015-4692
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. July 27, 2015, 05:07 am
CVE-2015-4652
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. July 21, 2015, 20:07 pm
CVE-2015-4651
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. July 21, 2015, 20:07 pm
CVE-2015-4646
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious squashfs (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. April 13, 2017, 12:04 pm
CVE-2015-4645
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal squashfs Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. March 17, 2017, 09:03 am
CVE-2015-4644
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. May 16, 2016, 05:05 am
CVE-2015-4643
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. May 16, 2016, 05:05 am
CVE-2015-4642
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. May 16, 2016, 05:05 am
CVE-2015-4625
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal polkit Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. October 26, 2015, 14:10 pm
CVE-2015-4620
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. July 8, 2015, 09:07 am
CVE-2015-4605
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. May 16, 2016, 05:05 am
CVE-2015-4604
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. May 16, 2016, 05:05 am
CVE-2015-4603
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. May 16, 2016, 05:05 am
CVE-2015-4602
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. May 16, 2016, 05:05 am
CVE-2015-4601
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. May 16, 2016, 05:05 am
CVE-2015-4600
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods. May 16, 2016, 05:05 am
CVE-2015-4599
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. May 16, 2016, 05:05 am
CVE-2015-4598
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename.html attack that bypasses an intended configuration in which client users may write to only .html files. May 16, 2016, 05:05 am
CVE-2015-4491
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal gdk-pixbuf Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. August 15, 2015, 20:08 pm
CVE-2015-4335
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical redis Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. June 9, 2015, 09:06 am
CVE-2015-4178
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h. May 2, 2016, 05:05 am
CVE-2015-4177
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. May 2, 2016, 05:05 am
CVE-2015-4176
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. May 2, 2016, 05:05 am
CVE-2015-4171
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low strongswan strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. June 10, 2015, 13:06 pm
CVE-2015-4170
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. May 2, 2016, 05:05 am
CVE-2015-4167
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. August 5, 2015, 13:08 pm
CVE-2015-4148
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. June 9, 2015, 13:06 pm
CVE-2015-4147
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue. June 9, 2015, 13:06 pm
CVE-2015-4146
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. June 15, 2015, 10:06 am
CVE-2015-4145
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. June 15, 2015, 10:06 am
CVE-2015-4144
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. June 15, 2015, 10:06 am
CVE-2015-4143
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. June 15, 2015, 10:06 am
CVE-2015-4142
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. June 15, 2015, 10:06 am
CVE-2015-4141
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. June 15, 2015, 10:06 am
CVE-2015-4116
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation. May 16, 2016, 05:05 am
CVE-2015-4106
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious qemu QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. June 3, 2015, 15:06 pm
CVE-2015-4047
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High ipsec-tools racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. May 29, 2015, 10:05 am
CVE-2015-4041
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. May 22, 2015, 10:05 am
CVE-2015-4037
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low qemu The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. August 26, 2015, 14:08 pm
CVE-2015-4036
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. August 31, 2015, 15:08 pm
CVE-2015-4035
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious xz scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. July 25, 2017, 13:07 pm
CVE-2015-4026
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High php The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. June 9, 2015, 13:06 pm
CVE-2015-4025
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High php PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. June 9, 2015, 13:06 pm
CVE-2015-4024
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. June 9, 2015, 13:06 pm
CVE-2015-4022
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High php Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. June 9, 2015, 13:06 pm
CVE-2015-4021
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. June 9, 2015, 13:06 pm
CVE-2015-4004
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. June 7, 2015, 18:06 pm
CVE-2015-4003
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. June 7, 2015, 18:06 pm
CVE-2015-4002
9.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. June 7, 2015, 18:06 pm
CVE-2015-4001
9.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. June 7, 2015, 18:06 pm
CVE-2015-4000
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
safari The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. May 20, 2015, 19:05 pm
CVE-2015-3991
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical strongswan strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. September 7, 2017, 15:09 pm
CVE-2015-3906
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. May 26, 2015, 10:05 am
CVE-2015-3903
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. May 26, 2015, 10:05 am
CVE-2015-3902
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. May 26, 2015, 10:05 am
CVE-2015-3900
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ruby RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." June 24, 2015, 09:06 am
CVE-2015-3815
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. May 26, 2015, 10:05 am
CVE-2015-3814
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3813
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3812
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3811
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. May 26, 2015, 10:05 am
CVE-2015-3810
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3809
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3808
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3717
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious sqlite Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. July 2, 2015, 21:07 pm
CVE-2015-3644
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal stunnel Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication. May 13, 2015, 19:05 pm
CVE-2015-3636
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. August 5, 2015, 20:08 pm
CVE-2015-3631
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low docker Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. May 18, 2015, 10:05 am
CVE-2015-3630
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious docker Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. May 18, 2015, 10:05 am
CVE-2015-3627
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious docker Libcontainer and Docker Engine before 1.6.1 open the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. May 18, 2015, 10:05 am
CVE-2015-3622
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libtasn1 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. May 12, 2015, 14:05 pm
CVE-2015-3456
7.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High qemu The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. May 13, 2015, 13:05 pm
CVE-2015-3455
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low squid Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. May 18, 2015, 10:05 am
CVE-2015-3416
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious sqlite The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. April 24, 2015, 12:04 pm
CVE-2015-3415
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious sqlite The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. April 24, 2015, 12:04 pm
CVE-2015-3414
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious sqlite SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. April 24, 2015, 12:04 pm
CVE-2015-3412
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. May 16, 2016, 05:05 am
CVE-2015-3411
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename.xml attack that bypasses an intended configuration in which client users may read only .xml files. May 16, 2016, 05:05 am
CVE-2015-3405
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. August 9, 2017, 11:08 am
CVE-2015-3362
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low video Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title. April 21, 2015, 11:04 am
CVE-2015-3339
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. May 27, 2015, 05:05 am
CVE-2015-3332
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds. May 27, 2015, 05:05 am
CVE-2015-3331
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. May 27, 2015, 05:05 am
CVE-2015-3330
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." June 9, 2015, 13:06 pm
CVE-2015-3329
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. June 9, 2015, 13:06 pm
CVE-2015-3308
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High gnutls Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. September 2, 2015, 09:09 am
CVE-2015-3307
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. June 9, 2015, 13:06 pm
CVE-2015-3306
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical proftpd The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. May 18, 2015, 10:05 am
CVE-2015-3294
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dnsmasq The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. May 8, 2015, 09:05 am
CVE-2015-3291
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. August 31, 2015, 05:08 am
CVE-2015-3290
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. August 31, 2015, 05:08 am
CVE-2015-3288
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. October 16, 2016, 16:10 pm
CVE-2015-3276
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openldap The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. December 7, 2015, 14:12 pm
CVE-2015-3256
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal polkit PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." October 26, 2015, 14:10 pm
CVE-2015-3255
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal polkit The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. October 26, 2015, 14:10 pm
CVE-2015-3253
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
groovy The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. August 13, 2015, 09:08 am
CVE-2015-3248
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openhpi openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for the /var/lib/openhpi directory, which allows local users, when quotas are not properly set up, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). September 26, 2017, 10:09 am
CVE-2015-3246
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libuser libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. August 11, 2015, 09:08 am
CVE-2015-3245
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libuser Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field. August 11, 2015, 09:08 am
CVE-2015-3239
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libunwind Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. August 26, 2015, 14:08 pm
CVE-2015-3238
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. August 24, 2015, 09:08 am
CVE-2015-3237
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libcurl curl The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. June 22, 2015, 14:06 pm
CVE-2015-3236
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libcurl curl cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. June 22, 2015, 14:06 pm
CVE-2015-3223
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. December 29, 2015, 16:12 pm
CVE-2015-3218
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low polkit The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. October 26, 2015, 14:10 pm
CVE-2015-3217
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\.|([^\\W_])?)+)+$/. December 13, 2016, 10:12 am
CVE-2015-3216
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openssl Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. July 7, 2015, 05:07 am
CVE-2015-3214
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal linux_kernel qemu The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. August 31, 2015, 05:08 am
CVE-2015-3213
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious clutter The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures. August 12, 2015, 09:08 am
CVE-2015-3212
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. August 31, 2015, 05:08 am
CVE-2015-3210
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. December 13, 2016, 10:12 am
CVE-2015-3209
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High junos_space Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. June 15, 2015, 10:06 am
CVE-2015-3200
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious lighttpd mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. June 9, 2015, 09:06 am
CVE-2015-3197
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. February 14, 2016, 20:02 pm
CVE-2015-3196
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openssl ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. December 6, 2015, 14:12 pm
CVE-2015-3195
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. December 6, 2015, 14:12 pm
CVE-2015-3194
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. December 6, 2015, 14:12 pm
CVE-2015-3193
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. December 6, 2015, 14:12 pm
CVE-2015-3187
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium subversion The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. August 12, 2015, 09:08 am
CVE-2015-3185
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium appache The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. July 20, 2015, 18:07 pm
CVE-2015-3184
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium subversion mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. August 12, 2015, 09:08 am
CVE-2015-3182
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-3170
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal selinux selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. July 21, 2017, 09:07 am
CVE-2015-3165
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal postgresql Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. May 28, 2015, 09:05 am
CVE-2015-3153
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libcurl curl The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. May 1, 2015, 10:05 am
CVE-2015-3152
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. May 16, 2016, 05:05 am
CVE-2015-3148
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libcurl curl cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. April 24, 2015, 09:04 am
CVE-2015-3145
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libcurl curl The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. April 24, 2015, 09:04 am
CVE-2015-3144
9.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libcurl curl The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." April 24, 2015, 09:04 am
CVE-2015-3143
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libcurl curl cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. April 24, 2015, 09:04 am
CVE-2015-3138
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious tcpdump print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). September 27, 2017, 20:09 pm
CVE-2015-3112
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical bridge Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. June 24, 2015, 05:06 am
CVE-2015-3111
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical bridge Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. June 24, 2015, 05:06 am
CVE-2015-3110
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical bridge Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. June 24, 2015, 05:06 am
CVE-2015-2987
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low ed Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits. August 28, 2015, 10:08 am
CVE-2015-2925
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." November 16, 2015, 05:11 am
CVE-2015-2922
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. May 27, 2015, 05:05 am
CVE-2015-2877
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel ** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities. March 3, 2017, 05:03 am
CVE-2015-2830
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. May 27, 2015, 05:05 am
CVE-2015-2806
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libtasn1 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. April 10, 2015, 10:04 am
CVE-2015-2787
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. March 30, 2015, 05:03 am
CVE-2015-2783
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. June 9, 2015, 13:06 pm
CVE-2015-2781
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium hotex_billing_manager Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. April 14, 2015, 09:04 am
CVE-2015-2721
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium nss Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. July 5, 2015, 21:07 pm
CVE-2015-2686
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. May 2, 2016, 05:05 am
CVE-2015-2672
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. May 2, 2016, 05:05 am
CVE-2015-2666
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. May 27, 2015, 05:05 am
CVE-2015-2661
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client. July 16, 2015, 06:07 am
CVE-2015-2648
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. July 16, 2015, 06:07 am
CVE-2015-2643
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. July 16, 2015, 06:07 am
CVE-2015-2641
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. July 16, 2015, 06:07 am
CVE-2015-2639
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall. July 16, 2015, 06:07 am
CVE-2015-2620
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. July 16, 2015, 05:07 am
CVE-2015-2617
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. July 16, 2015, 05:07 am
CVE-2015-2611
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. July 16, 2015, 05:07 am
CVE-2015-2582
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. July 16, 2015, 05:07 am
CVE-2015-2576
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. April 16, 2015, 12:04 pm
CVE-2015-2575
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. April 16, 2015, 12:04 pm
CVE-2015-2573
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. April 16, 2015, 12:04 pm
CVE-2015-2571
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. April 16, 2015, 12:04 pm
CVE-2015-2568
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. April 16, 2015, 12:04 pm
CVE-2015-2567
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. April 16, 2015, 12:04 pm
CVE-2015-2566
2.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. April 16, 2015, 12:04 pm
CVE-2015-2535
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium samba Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vulnerability." September 8, 2015, 19:09 pm
CVE-2015-2348
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. March 30, 2015, 05:03 am
CVE-2015-2331
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. March 30, 2015, 05:03 am
CVE-2015-2328
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-2327
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High pcre PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-2304
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. March 15, 2015, 14:03 pm
CVE-2015-2301
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. March 30, 2015, 05:03 am
CVE-2015-2282
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious gui Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. June 2, 2015, 09:06 am
CVE-2015-2278
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal gui The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. June 2, 2015, 09:06 am
CVE-2015-2214
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal netcat NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. March 5, 2015, 09:03 am
CVE-2015-2206
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. March 9, 2015, 12:03 pm
CVE-2015-2192
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. March 7, 2015, 20:03 pm
CVE-2015-2191
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. March 7, 2015, 20:03 pm
CVE-2015-2190
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. March 7, 2015, 20:03 pm
CVE-2015-2189
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. March 7, 2015, 20:03 pm
CVE-2015-2188
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. March 7, 2015, 20:03 pm
CVE-2015-2187
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. March 7, 2015, 20:03 pm
CVE-2015-2171
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious slim Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. March 30, 2015, 09:03 am
CVE-2015-2155
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tcpdump The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. March 24, 2015, 12:03 pm
CVE-2015-2154
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium tcpdump The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. March 24, 2015, 12:03 pm
CVE-2015-2153
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium tcpdump The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). March 24, 2015, 12:03 pm
CVE-2015-2150
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. March 12, 2015, 09:03 am
CVE-2015-2059
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libidn The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. August 12, 2015, 09:08 am
CVE-2015-2042
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. April 21, 2015, 05:04 am
CVE-2015-2041
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. April 21, 2015, 05:04 am
CVE-2015-1867
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious pacemaker Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. August 12, 2015, 09:08 am
CVE-2015-1865
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal coreutils fts.c in coreutils 8.4 allows local users to delete arbitrary files. September 20, 2017, 13:09 pm
CVE-2015-1863
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. April 28, 2015, 09:04 am
CVE-2015-1860
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qt Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. May 12, 2015, 14:05 pm
CVE-2015-1859
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qt Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. May 12, 2015, 14:05 pm
CVE-2015-1858
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qt Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. May 12, 2015, 14:05 pm
CVE-2015-1843
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal docker The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. April 6, 2015, 10:04 am
CVE-2015-1819
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libxml The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. August 14, 2015, 13:08 pm
CVE-2015-1805
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." August 8, 2015, 05:08 am
CVE-2015-1804
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libxfont The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. March 20, 2015, 09:03 am
CVE-2015-1803
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libxfont The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. March 20, 2015, 09:03 am
CVE-2015-1802
8.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libxfont The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. March 20, 2015, 09:03 am
CVE-2015-1799
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ntp The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. April 8, 2015, 05:04 am
CVE-2015-1798
1.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low ntp The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. April 8, 2015, 05:04 am
CVE-2015-1794
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openssl The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message. December 6, 2015, 14:12 pm
CVE-2015-1793
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. July 9, 2015, 14:07 pm
CVE-2015-1792
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. June 12, 2015, 14:06 pm
CVE-2015-1791
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. June 12, 2015, 14:06 pm
CVE-2015-1790
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. June 12, 2015, 14:06 pm
CVE-2015-1789
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. June 12, 2015, 14:06 pm
CVE-2015-1788
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. June 12, 2015, 14:06 pm
CVE-2015-1787
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low openssl The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. March 19, 2015, 17:03 pm
CVE-2015-1781
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. September 28, 2015, 15:09 pm
CVE-2015-1779
8.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious qemu The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. January 12, 2016, 13:01 pm
CVE-2015-1773
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal flex Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. April 7, 2015, 20:04 pm
CVE-2015-1612
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious openflow OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay." April 4, 2017, 12:04 pm
CVE-2015-1611
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious openflow OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection." April 4, 2017, 12:04 pm
CVE-2015-1593
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. March 16, 2015, 05:03 am
CVE-2015-1573
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. May 2, 2016, 05:05 am
CVE-2015-1572
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium e2fsprogs Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. February 24, 2015, 09:02 am
CVE-2015-1546
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openldap Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. February 12, 2015, 10:02 am
CVE-2015-1545
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openldap The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. February 12, 2015, 10:02 am
CVE-2015-1473
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. April 8, 2015, 05:04 am
CVE-2015-1472
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High glibc The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. April 8, 2015, 05:04 am
CVE-2015-1465
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. April 5, 2015, 16:04 pm
CVE-2015-1421
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. March 16, 2015, 05:03 am
CVE-2015-1420
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. March 16, 2015, 05:03 am
CVE-2015-1419
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal vsftpd Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. January 28, 2015, 05:01 am
CVE-2015-1395
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious patch Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. August 25, 2017, 13:08 pm
CVE-2015-1379
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious socat The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). June 8, 2017, 16:06 pm
CVE-2015-1352
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. March 30, 2015, 05:03 am
CVE-2015-1351
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. March 30, 2015, 05:03 am
CVE-2015-1350
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. May 2, 2016, 05:05 am
CVE-2015-1349
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium bind named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. February 18, 2015, 21:02 pm
CVE-2015-1345
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low grep The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. February 12, 2015, 10:02 am
CVE-2015-1339
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. April 27, 2016, 12:04 pm
CVE-2015-1335
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious lxc lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. October 1, 2015, 15:10 pm
CVE-2015-1334
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal lxc attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. August 12, 2015, 09:08 am
CVE-2015-1333
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. August 31, 2015, 05:08 am
CVE-2015-1331
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal lxc lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. August 12, 2015, 09:08 am
CVE-2015-1328
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. November 27, 2016, 21:11 pm
CVE-2015-1315
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High unzip Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. February 23, 2015, 11:02 am
CVE-2015-1283
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium chrome Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. July 22, 2015, 19:07 pm
CVE-2015-1212
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. February 6, 2015, 05:02 am
CVE-2015-1211
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. February 6, 2015, 05:02 am
CVE-2015-1210
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. February 6, 2015, 05:02 am
CVE-2015-1209
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. February 6, 2015, 05:02 am
CVE-2015-1197
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low cpio cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. February 19, 2015, 09:02 am
CVE-2015-1196
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal patch GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. January 21, 2015, 12:01 pm
CVE-2015-1194
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal pax pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. January 21, 2015, 12:01 pm
CVE-2015-1193
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal pax Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. January 21, 2015, 12:01 pm
CVE-2015-1191
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal pigz Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. January 21, 2015, 12:01 pm
CVE-2015-1159
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal cups Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. June 26, 2015, 05:06 am
CVE-2015-1158
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical cups The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. June 26, 2015, 05:06 am
CVE-2015-0973
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libpng Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. January 18, 2015, 12:01 pm
CVE-2015-0881
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal squid CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. February 20, 2015, 05:02 am
CVE-2015-0860
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High dpkg Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. December 3, 2015, 14:12 pm
CVE-2015-0847
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious nbd nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. May 29, 2015, 10:05 am
CVE-2015-0840
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dpkg The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). April 13, 2015, 09:04 am
CVE-2015-0797
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal linux_kernel gstreamer GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. May 14, 2015, 05:05 am
CVE-2015-0573
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call. August 7, 2016, 16:08 pm
CVE-2015-0572
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call. October 10, 2016, 05:10 am
CVE-2015-0571
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. May 9, 2016, 05:05 am
CVE-2015-0570
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. May 9, 2016, 05:05 am
CVE-2015-0569
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter. May 9, 2016, 05:05 am
CVE-2015-0568
8.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. August 7, 2016, 16:08 pm
CVE-2015-0564
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. January 9, 2015, 20:01 pm
CVE-2015-0563
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 9, 2015, 20:01 pm
CVE-2015-0562
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. January 9, 2015, 20:01 pm
CVE-2015-0561
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. January 9, 2015, 20:01 pm
CVE-2015-0560
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 9, 2015, 20:01 pm
CVE-2015-0559
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. January 9, 2015, 20:01 pm
CVE-2015-0511
2.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. April 16, 2015, 11:04 am
CVE-2015-0508
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506. April 16, 2015, 11:04 am
CVE-2015-0507
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. April 16, 2015, 11:04 am
CVE-2015-0506
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508. April 16, 2015, 11:04 am
CVE-2015-0505
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. April 16, 2015, 11:04 am
CVE-2015-0503
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. April 16, 2015, 11:04 am
CVE-2015-0501
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. April 16, 2015, 11:04 am
CVE-2015-0500
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. April 16, 2015, 11:04 am
CVE-2015-0499
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. April 16, 2015, 11:04 am
CVE-2015-0498
1.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. April 16, 2015, 11:04 am
CVE-2015-0441
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. April 16, 2015, 11:04 am
CVE-2015-0439
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. April 16, 2015, 11:04 am
CVE-2015-0438
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. April 16, 2015, 11:04 am
CVE-2015-0433
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. April 16, 2015, 11:04 am
CVE-2015-0432
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. January 21, 2015, 13:01 pm
CVE-2015-0423
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. April 16, 2015, 11:04 am
CVE-2015-0411
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. January 21, 2015, 13:01 pm
CVE-2015-0409
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. January 21, 2015, 12:01 pm
CVE-2015-0405
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA. April 16, 2015, 11:04 am
CVE-2015-0391
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. January 21, 2015, 12:01 pm
CVE-2015-0385
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth. January 21, 2015, 12:01 pm
CVE-2015-0382
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. January 21, 2015, 12:01 pm
CVE-2015-0381
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. January 21, 2015, 12:01 pm
CVE-2015-0374
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. January 21, 2015, 12:01 pm
CVE-2015-0312
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. January 28, 2015, 16:01 pm
CVE-2015-0295
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qt The BMP decoder in QtGui in Qt before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. March 25, 2015, 09:03 am
CVE-2015-0293
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. March 19, 2015, 17:03 pm
CVE-2015-0292
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssl Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. March 19, 2015, 17:03 pm
CVE-2015-0291
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. March 19, 2015, 17:03 pm
CVE-2015-0290
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. March 19, 2015, 17:03 pm
CVE-2015-0289
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. March 19, 2015, 17:03 pm
CVE-2015-0288
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. March 19, 2015, 17:03 pm
CVE-2015-0287
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. March 19, 2015, 17:03 pm
CVE-2015-0286
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. March 19, 2015, 17:03 pm
CVE-2015-0285
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack. March 19, 2015, 17:03 pm
CVE-2015-0282
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gnutls GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. March 24, 2015, 12:03 pm
CVE-2015-0275
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. October 19, 2015, 05:10 am
CVE-2015-0274
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. March 16, 2015, 05:03 am
CVE-2015-0273
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. March 30, 2015, 05:03 am
CVE-2015-0267
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kexec-tools The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. May 19, 2015, 13:05 pm
CVE-2015-0261
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tcpdump Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. March 24, 2015, 12:03 pm
CVE-2015-0252
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal xerces-c internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. March 24, 2015, 12:03 pm
CVE-2015-0251
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences. April 8, 2015, 13:04 pm
CVE-2015-0248
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. April 8, 2015, 13:04 pm
CVE-2015-0247
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium e2fsprogs Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. February 17, 2015, 09:02 am
CVE-2015-0245
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low d-bus D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. February 13, 2015, 09:02 am
CVE-2015-0240
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High samba The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. February 23, 2015, 19:02 pm
CVE-2015-0239
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. March 2, 2015, 05:03 am
CVE-2015-0236
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libvirt libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. January 29, 2015, 09:01 am
CVE-2015-0235
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High glibc Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." January 28, 2015, 13:01 pm
CVE-2015-0232
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. January 27, 2015, 14:01 pm
CVE-2015-0231
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. January 27, 2015, 14:01 pm
CVE-2015-0210
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wpa_supplicant wpa_supplicant 2.0-16 does not properly check the certificate subject name, which allows remote attackers to conduct a man-in-the-middle attack. August 28, 2017, 10:08 am
CVE-2015-0209
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. March 19, 2015, 17:03 pm
CVE-2015-0208
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. March 19, 2015, 17:03 pm
CVE-2015-0207
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server. March 19, 2015, 17:03 pm
CVE-2015-0206
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. January 8, 2015, 20:01 pm
CVE-2015-0205
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. January 8, 2015, 20:01 pm
CVE-2015-0204
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. January 8, 2015, 20:01 pm
CVE-2015-0202
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious subversion The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. April 8, 2015, 13:04 pm