CVE List 2015

CVE Score Severity Package Description Published
CVE-2015-9999
4.0 MV Product/Version
affected:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. December 20, 2013, 11:12 am
CVE-2015-9261
4.3 MV Product/Version
affected:
Normal busybox huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. July 26, 2018, 14:07 pm
CVE-2015-9253
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal php An issue was discovered in PHP through 7.2.2. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. February 19, 2018, 13:02 pm
CVE-2015-9096
6.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal ruby Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. June 12, 2017, 15:06 pm
CVE-2015-9019
5.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.2 Resolved
Medium libxslt In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. April 5, 2017, 16:04 pm
CVE-2015-9004
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. May 2, 2017, 16:05 pm
CVE-2015-8994
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High php An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode (opcode in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database. March 2, 2017, 00:03 am
CVE-2015-8985
5.9 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
Medium glibc The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. March 20, 2017, 11:03 am
CVE-2015-8984
2.0 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
glibc The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. March 20, 2017, 11:03 am
CVE-2015-8983
4.4 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.3 Resolved
glibc Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. March 20, 2017, 11:03 am
CVE-2015-8982
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
glibc Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. March 15, 2017, 14:03 pm
CVE-2015-8970
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
kernel crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. November 27, 2016, 21:11 pm
CVE-2015-8967
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the strict page permissions protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. December 8, 2016, 15:12 pm
CVE-2015-8966
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. December 8, 2016, 15:12 pm
CVE-2015-8964
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Normal kernel The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. November 15, 2016, 23:11 pm
CVE-2015-8963
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. November 15, 2016, 23:11 pm
CVE-2015-8962
7.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. November 15, 2016, 23:11 pm
CVE-2015-8961
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. November 15, 2016, 23:11 pm
CVE-2015-8956
3.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. October 10, 2016, 05:10 am
CVE-2015-8955
6.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. October 10, 2016, 05:10 am
CVE-2015-8953
5.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer. October 16, 2016, 16:10 pm
CVE-2015-8952
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 In progress
kernel The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. October 16, 2016, 16:10 pm
CVE-2015-8950
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. October 10, 2016, 05:10 am
CVE-2015-8948
4.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
libidn idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. September 7, 2016, 15:09 pm
CVE-2015-8947
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
Serious harfbuzz hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. July 19, 2016, 05:07 am
CVE-2015-8944
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. August 6, 2016, 05:08 am
CVE-2015-8935
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function. August 7, 2016, 05:08 am
CVE-2015-8934
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal libarchive The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. September 20, 2016, 09:09 am
CVE-2015-8933
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal libarchive Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. September 20, 2016, 09:09 am
CVE-2015-8932
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libarchive The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. September 20, 2016, 09:09 am
CVE-2015-8931
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libarchive Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. September 20, 2016, 09:09 am
CVE-2015-8930
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libarchive bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. September 20, 2016, 09:09 am
CVE-2015-8929
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libarchive Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. September 20, 2016, 09:09 am
CVE-2015-8928
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libarchive The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. September 20, 2016, 09:09 am
CVE-2015-8927
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libarchive The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. September 20, 2016, 09:09 am
CVE-2015-8926
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
Normal libarchive The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. September 20, 2016, 09:09 am
CVE-2015-8925
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
Normal libarchive The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. September 20, 2016, 09:09 am
CVE-2015-8924
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libarchive The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. September 20, 2016, 09:09 am
CVE-2015-8923
6.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libarchive The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. September 20, 2016, 09:09 am
CVE-2015-8922
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libarchive The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. September 20, 2016, 09:09 am
CVE-2015-8921
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
Serious libarchive The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. September 20, 2016, 09:09 am
CVE-2015-8920
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libarchive The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. September 20, 2016, 09:09 am
CVE-2015-8919
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious libarchive The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. September 20, 2016, 09:09 am
CVE-2015-8918
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious libarchive The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab file, related to overlapping memcpy. September 20, 2016, 09:09 am
CVE-2015-8917
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
Serious libarchive bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. September 20, 2016, 09:09 am
CVE-2015-8916
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
libarchive bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a split file in multivolume RAR, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. September 20, 2016, 09:09 am
CVE-2015-8915
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
libarchive bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via a crafted cpio file. September 20, 2016, 09:09 am
CVE-2015-8899
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious dnsmasq Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. June 30, 2016, 12:06 pm
CVE-2015-8880
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. May 21, 2016, 20:05 pm
CVE-2015-8879
7.5 MV Product/Version
affected:
Serious php The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table. May 21, 2016, 20:05 pm
CVE-2015-8878
5.9 MV Product/Version
affected:
Normal php main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. May 21, 2016, 20:05 pm
CVE-2015-8877
7.5 MV Product/Version
affected:
Serious php The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. May 21, 2016, 20:05 pm
CVE-2015-8876
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. May 21, 2016, 20:05 pm
CVE-2015-8875
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
gdk-pixbuf Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. June 1, 2016, 17:06 pm
CVE-2015-8874
7.5 MV Product/Version
affected:
Serious php Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. May 16, 2016, 05:05 am
CVE-2015-8873
7.5 MV Product/Version
affected:
Serious php Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. May 16, 2016, 05:05 am
CVE-2015-8872
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
dosfstools The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an off-by-two error. June 3, 2016, 09:06 am
CVE-2015-8867
7.5 MV Product/Version
affected:
Serious php The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. May 21, 2016, 20:05 pm
CVE-2015-8866
9.6 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. May 21, 2016, 20:05 pm
CVE-2015-8865
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
php The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. May 20, 2016, 05:05 am
CVE-2015-8853
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
perl The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80". May 25, 2016, 10:05 am
CVE-2015-8845
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. April 27, 2016, 12:04 pm
CVE-2015-8844
4.7 MV Product/Version
affected:
CGE 7.0 In progress
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. April 27, 2016, 12:04 pm
CVE-2015-8842
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
systemd tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. April 20, 2016, 11:04 am
CVE-2015-8839
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. May 2, 2016, 05:05 am
CVE-2015-8838
5.9 MV Product/Version
affected:
Normal php ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. May 16, 2016, 05:05 am
CVE-2015-8835
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
php The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c. May 16, 2016, 05:05 am
CVE-2015-8830
7.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
kernel Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. May 2, 2016, 05:05 am
CVE-2015-8818
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. December 29, 2016, 16:12 pm
CVE-2015-8817
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
QEMU (aka Quick Emulator) built to use address_space_translate to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS. December 29, 2016, 16:12 pm
CVE-2015-8816
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. April 27, 2016, 12:04 pm
CVE-2015-8812
10.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. April 27, 2016, 12:04 pm
CVE-2015-8806
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
libxml2 dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the <!DOCTYPE html substring in a crafted HTML document. April 13, 2016, 12:04 pm
CVE-2015-8805
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
nettle The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. February 23, 2016, 13:02 pm
CVE-2015-8804
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
nettle x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. February 23, 2016, 13:02 pm
CVE-2015-8803
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
nettle The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. February 23, 2016, 13:02 pm
CVE-2015-8787
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604. February 7, 2016, 21:02 pm
CVE-2015-8786
6.5 MV Product/Version
affected:
Normal rabbitmq The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter. December 9, 2016, 14:12 pm
CVE-2015-8785
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. February 7, 2016, 21:02 pm
CVE-2015-8784
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
tiff The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. April 13, 2016, 12:04 pm
CVE-2015-8783
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
tiff tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. February 1, 2016, 15:02 pm
CVE-2015-8782
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
tiff tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. February 1, 2016, 15:02 pm
CVE-2015-8781
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 1.8 In progress
tiff tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. February 1, 2016, 15:02 pm
CVE-2015-8779
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
glibc Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. April 19, 2016, 16:04 pm
CVE-2015-8778
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
glibc Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. April 19, 2016, 16:04 pm
CVE-2015-8777
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
glibc The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. January 19, 2016, 23:01 pm
CVE-2015-8776
6.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
glibc The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. April 19, 2016, 16:04 pm
CVE-2015-8767
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
kernel net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. February 7, 2016, 21:02 pm
CVE-2015-8750
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. February 13, 2017, 12:02 pm
CVE-2015-8746
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. May 2, 2016, 05:05 am
CVE-2015-8745
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2015-8744
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2015-8743
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing ioport r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. December 29, 2016, 16:12 pm
CVE-2015-8742
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8741
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8740
5.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
Normal wireshark The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8739
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8738
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8737
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8736
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8735
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8734
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8733
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
wireshark The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8732
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8731
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
wireshark The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8730
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
wireshark epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8729
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8728
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8727
4.3 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8726
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. January 3, 2016, 23:01 pm
CVE-2015-8725
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8724
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8723
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8722
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8721
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
wireshark Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. January 3, 2016, 23:01 pm
CVE-2015-8720
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
which The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8719
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8718
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
wireshark Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the Match MSG/RES packets for async NLM option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8717
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8716
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
wireshark The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8715
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8714
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8713
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8712
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8711
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-8710
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
libxml2 The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. April 11, 2016, 16:04 pm
CVE-2015-8709
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel ** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states there is no kernel bug here. February 7, 2016, 21:02 pm
CVE-2015-8705
6.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
bind buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. January 20, 2016, 09:01 am
CVE-2015-8704
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
bind apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. January 20, 2016, 09:01 am
CVE-2015-8701
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in the tx_consume routine, if a descriptor were to have more than the allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside the guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance, resulting in a DoS issue. December 29, 2016, 16:12 pm
CVE-2015-8683
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
tiff The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. April 13, 2016, 12:04 pm
CVE-2015-8669
5.3 MV Product/Version
affected:
Normal phpmyadmin libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. December 26, 2015, 16:12 pm
CVE-2015-8666
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. April 11, 2017, 14:04 pm
CVE-2015-8665
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
tiff tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. April 13, 2016, 12:04 pm
CVE-2015-8660
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
kernel The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. December 28, 2015, 05:12 am
CVE-2015-8619
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). April 13, 2017, 12:04 pm
CVE-2015-8618
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
golang The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. January 27, 2016, 14:01 pm
CVE-2015-8617
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. January 18, 2016, 23:01 pm
CVE-2015-8616
8.6 MV Product/Version
affected:
Serious php Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. January 18, 2016, 23:01 pm
CVE-2015-8613
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. April 11, 2017, 14:04 pm
CVE-2015-8608
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical perl The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. February 7, 2017, 09:02 am
CVE-2015-8607
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
perl The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. January 13, 2016, 09:01 am
CVE-2015-8605
5.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
dhcp ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. January 14, 2016, 16:01 pm
CVE-2015-8575
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. February 7, 2016, 21:02 pm
CVE-2015-8569
1.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. December 28, 2015, 05:12 am
CVE-2015-8568
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Memory leak in QEMU, when built with VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. April 11, 2017, 14:04 pm
CVE-2015-8567
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). April 13, 2017, 12:04 pm
CVE-2015-8560
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 In progress
cups-filters Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. April 14, 2016, 09:04 am
CVE-2015-8558
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
qemu The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. May 23, 2016, 14:05 pm
CVE-2015-8556
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. March 24, 2017, 09:03 am
CVE-2015-8551
5.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka Linux pciback missing sanity checks. April 13, 2016, 10:04 am
CVE-2015-8543
6.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. December 28, 2015, 05:12 am
CVE-2015-8540
9.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
libpng Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. April 14, 2016, 09:04 am
CVE-2015-8539
7.2 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. February 7, 2016, 21:02 pm
CVE-2015-8538
4.0 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). June 7, 2017, 15:06 pm
CVE-2015-8504
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
QEMU, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. April 11, 2017, 14:04 pm
CVE-2015-8472
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
libpng Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. January 21, 2016, 09:01 am
CVE-2015-8467
6.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
samba The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. December 29, 2015, 16:12 pm
CVE-2015-8461
7.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 In progress
High bind Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. December 16, 2015, 09:12 am
CVE-2015-8395
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
High pcre PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. December 1, 2015, 19:12 pm
CVE-2015-8394
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
High pcre PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8393
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium pcre pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. December 1, 2015, 19:12 pm
CVE-2015-8392
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High pcre PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. December 1, 2015, 19:12 pm
CVE-2015-8391
9.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
High pcre The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8390
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High pcre PCRE before 8.38 mishandles the [: and \ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8389
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
High pcre PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8388
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
High pcre PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8387
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High pcre PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8386
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High pcre PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8385
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High pcre PCRE before 8.38 mishandles the /(?|(kPm)|(?Pm))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8384
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
High pcre PCRE before 8.38 mishandles the /(?J)(?d(?dg{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. December 1, 2015, 19:12 pm
CVE-2015-8383
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High pcre PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8382
6.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium pcre The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. December 1, 2015, 19:12 pm
CVE-2015-8381
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
High pcre The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?R)(kR)|((?R)))HRkRf)|s(?R))))/ and /(?J:(?|(:(?|(?R)(z(?|(?R)(kR)|((?R)))kR)|((?R)))HAkRf)|s(?R)))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8380
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
High pcre The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a 1 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-8374
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. December 28, 2015, 05:12 am
CVE-2015-8370
6.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium grub2 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an Off-by-two or Out of bounds overwrite memory error. December 16, 2015, 15:12 pm
CVE-2015-8345
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. April 13, 2017, 12:04 pm
CVE-2015-8327
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 In progress
CGE 7.0 Resolved
High cups-filters Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. December 17, 2015, 13:12 pm
CVE-2015-8325
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
openssh The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. April 30, 2016, 20:04 pm
CVE-2015-8324
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. May 2, 2016, 05:05 am
CVE-2015-8317
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
Medium libxml2 The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. December 15, 2015, 15:12 pm
CVE-2015-8242
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
Medium libxml2 The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. December 15, 2015, 15:12 pm
CVE-2015-8241
6.4 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 4.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
Medium libxml2 The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. December 15, 2015, 15:12 pm
CVE-2015-8239
6.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
sudo The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. October 10, 2017, 11:10 am
CVE-2015-8215
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. November 16, 2015, 15:11 pm
CVE-2015-8158
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. January 30, 2017, 15:01 pm
CVE-2015-8140
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. January 30, 2017, 15:01 pm
CVE-2015-8139
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. January 30, 2017, 15:01 pm
CVE-2015-8138
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. January 30, 2017, 15:01 pm
CVE-2015-8126
7.5 MV Product/Version
affected:
CGX 1.8 In progress
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 1.8 In progress
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High libpng Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. November 12, 2015, 21:11 pm
CVE-2015-8104
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
Medium vm_virtualbox The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. November 16, 2015, 05:11 am
CVE-2015-8100
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Low net-snmp The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. November 9, 2015, 21:11 pm
CVE-2015-8080
7.5 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 Resolved
Serious redis Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. April 13, 2016, 10:04 am
CVE-2015-8041
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium hostapd Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. November 9, 2015, 10:11 am
CVE-2015-8035
2.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Low libxml2 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. November 18, 2015, 10:11 am
CVE-2015-8023
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal strongswan The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. November 18, 2015, 10:11 am
CVE-2015-8019
7.2 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
kernel The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. May 2, 2016, 05:05 am
CVE-2015-8000
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium bind db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. December 16, 2015, 09:12 am
CVE-2015-7995
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium libxslt The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a type confusion issue. November 17, 2015, 09:11 am
CVE-2015-7990
5.9 MV Product/Version
affected:
MVL6 Kernel 2.6.30 Resolved
kernel Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. December 28, 2015, 05:12 am
CVE-2015-7981
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
Medium libpng The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. November 24, 2015, 14:11 pm
CVE-2015-7979
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. January 30, 2017, 15:01 pm
CVE-2015-7978
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a denial of service (stack exhaustion) via an ntpdc reslist command, which triggers recursive traversal of the restriction list. January 30, 2017, 15:01 pm
CVE-2015-7977
4.0 MV Product/Version
affected:
CGX 1.8 In progress
CGE 6.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. January 30, 2017, 15:01 pm
CVE-2015-7976
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. January 30, 2017, 15:01 pm
CVE-2015-7975
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). January 30, 2017, 15:01 pm
CVE-2015-7974
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
ntp NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a skeleton key. January 26, 2016, 13:01 pm
CVE-2015-7973
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. January 30, 2017, 15:01 pm
CVE-2015-7942
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 4.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
Medium libxml2 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. November 18, 2015, 10:11 am
CVE-2015-7941
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Professional PRO 4.0 Resolved
CGE 6.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium libxml2 libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. November 18, 2015, 10:11 am
CVE-2015-7885
2.1 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. December 28, 2015, 05:12 am
CVE-2015-7884
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. December 28, 2015, 05:12 am
CVE-2015-7873
5.0 MV Product/Version
affected:
Normal phpmyadmin The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. October 28, 2015, 05:10 am
CVE-2015-7872
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
MVL6 Kernel 2.6.28 Resolved
Low kernel The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. November 16, 2015, 05:11 am
CVE-2015-7871
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allow remote attackers to bypass authentication. August 7, 2017, 15:08 pm
CVE-2015-7855
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a mode 6 or mode 7 packet containing a long data value. August 7, 2017, 15:08 pm
CVE-2015-7854
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. August 7, 2017, 15:08 pm
CVE-2015-7853
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. August 7, 2017, 15:08 pm
CVE-2015-7852
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. August 7, 2017, 15:08 pm
CVE-2015-7851
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 27, 2016, 05:06 am
CVE-2015-7850
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. August 7, 2017, 15:08 pm
CVE-2015-7849
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. August 7, 2017, 15:08 pm
CVE-2015-7848
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. January 6, 2017, 15:01 pm
CVE-2015-7837
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. September 19, 2017, 11:09 am
CVE-2015-7833
4.0 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. October 19, 2015, 05:10 am
CVE-2015-7830
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. November 14, 2015, 21:11 pm
CVE-2015-7805
9.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
Critical libsndfile Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. November 17, 2015, 09:11 am
CVE-2015-7804
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium php Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. December 11, 2015, 06:12 am
CVE-2015-7803
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium php The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. December 11, 2015, 06:12 am
CVE-2015-7799
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Medium kernel The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. October 19, 2015, 05:10 am
CVE-2015-7747
4.0 MV Product/Version
affected:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. October 30, 2015, 15:10 pm
CVE-2015-7705
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. August 7, 2017, 15:08 pm
CVE-2015-7704
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted KOD messages. August 7, 2017, 15:08 pm
CVE-2015-7703
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
The pidfile or driftfile directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allow remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password, to write to arbitrary files via the :config command. July 24, 2017, 09:07 am
CVE-2015-7702
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. August 7, 2017, 15:08 pm
CVE-2015-7701
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). August 7, 2017, 15:08 pm
CVE-2015-7697
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Medium unzip Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. November 6, 2015, 12:11 pm
CVE-2015-7696
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium unzip Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. November 6, 2015, 12:11 pm
CVE-2015-7692
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. August 7, 2017, 15:08 pm
CVE-2015-7691
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. August 7, 2017, 15:08 pm
CVE-2015-7683
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Normal font Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php. October 16, 2015, 15:10 pm
CVE-2015-7674
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 In progress
Medium gdk-pixbuf Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. October 26, 2015, 12:10 pm
CVE-2015-7673
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium gdk-pixbuf io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. October 26, 2015, 12:10 pm
CVE-2015-7665
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
tails Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE. December 27, 2015, 13:12 pm
CVE-2015-7613
6.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
Medium kernel Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. October 19, 2015, 05:10 am
CVE-2015-7575
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
nss Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. January 8, 2016, 20:01 pm
CVE-2015-7566
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
kernel The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. February 7, 2016, 21:02 pm
CVE-2015-7560
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
samba The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. March 13, 2016, 17:03 pm
CVE-2015-7558
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 In progress
librsvg librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. May 20, 2016, 09:05 am
CVE-2015-7557
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
librsvg The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. May 20, 2016, 09:05 am
CVE-2015-7555
5.5 MV Product/Version
affected:
Normal giflib Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. April 13, 2016, 10:04 am
CVE-2015-7554
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
tiff The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. January 8, 2016, 13:01 pm
CVE-2015-7551
8.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Serious ruby The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. March 23, 2016, 20:03 pm
CVE-2015-7550
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. February 7, 2016, 21:02 pm
CVE-2015-7549
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. October 30, 2017, 09:10 am
CVE-2015-7547
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 6.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
big-ip_access_policy_manager Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing dual A/AAAA DNS queries and the libnss_dns.so.2 NSS module. February 18, 2016, 15:02 pm
CVE-2015-7545
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 In progress
git The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. April 13, 2016, 10:04 am
CVE-2015-7540
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
samba The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. December 29, 2015, 16:12 pm
CVE-2015-7515
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints. April 27, 2016, 12:04 pm
CVE-2015-7513
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. February 7, 2016, 21:02 pm
CVE-2015-7512
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
qemu Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. January 8, 2016, 15:01 pm
CVE-2015-7511
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 In progress
libgcrypt Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. April 19, 2016, 16:04 pm
CVE-2015-7510
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical systemd Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. September 25, 2017, 16:09 pm
CVE-2015-7509
4.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. December 28, 2015, 05:12 am
CVE-2015-7504
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. October 16, 2017, 15:10 pm
CVE-2015-7500
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium libxml2 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. December 15, 2015, 15:12 pm
CVE-2015-7499
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Professional PRO 4.0 Resolved
CGX 2.0 Resolved
Medium libxml2 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. December 15, 2015, 15:12 pm
CVE-2015-7498
5.0 MV Product/Version
affected:
Professional PRO 4.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium libxml2 Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. December 15, 2015, 15:12 pm
CVE-2015-7497
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
Professional PRO 4.0 Resolved
Medium libxml2 Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. December 15, 2015, 15:12 pm
CVE-2015-7313
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
tiff LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. March 17, 2017, 09:03 am
CVE-2015-7312
4.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium kernel Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. November 16, 2015, 05:11 am
CVE-2015-7298
5.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Normal qt ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. October 26, 2015, 09:10 am
CVE-2015-7295
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Medium qemu hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. November 9, 2015, 10:11 am
CVE-2015-7236
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 In progress
solaris_operating_system Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. October 1, 2015, 15:10 pm
CVE-2015-7183
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High nspr Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. November 4, 2015, 23:11 pm
CVE-2015-7182
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
nss Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. November 4, 2015, 23:11 pm
CVE-2015-7181
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
High nss The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a use-after-poison issue. November 4, 2015, 23:11 pm
CVE-2015-7082
10.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical git Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. December 11, 2015, 05:12 am
CVE-2015-6937
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.30 Resolved
CGE 7.0 Resolved
High kernel The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. October 19, 2015, 05:10 am
CVE-2015-6908
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal openldap The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. September 11, 2015, 11:09 am
CVE-2015-6855
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
High qemu hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. November 6, 2015, 15:11 pm
CVE-2015-6838
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious libxml2 php The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. May 16, 2016, 05:05 am
CVE-2015-6837
7.5 MV Product/Version
affected:
Serious php The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. May 16, 2016, 05:05 am
CVE-2015-6836
7.3 MV Product/Version
affected:
Serious php The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a type confusion in the serialize_function_call function. January 18, 2016, 23:01 pm
CVE-2015-6835
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. May 16, 2016, 05:05 am
CVE-2015-6834
5.1 MV Product/Version
affected:
Normal php Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. May 16, 2016, 05:05 am
CVE-2015-6833
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
php Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. January 18, 2016, 23:01 pm
CVE-2015-6832
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
php Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. January 18, 2016, 23:01 pm
CVE-2015-6831
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
php Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. January 18, 2016, 23:01 pm
CVE-2015-6830
5.0 MV Product/Version
affected:
Normal phpmyadmin libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. September 13, 2015, 20:09 pm
CVE-2015-6607
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal sqlite SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. October 6, 2015, 12:10 pm
CVE-2015-6565
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 5.1 Resolved
High openssh sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. August 23, 2015, 20:08 pm
CVE-2015-6564
6.9 MV Product/Version
affected:
CGE 5.1 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Medium openssh Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. August 23, 2015, 20:08 pm
CVE-2015-6563
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 5.1 Resolved
Low openssh The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. August 23, 2015, 20:08 pm
CVE-2015-6527
7.3 MV Product/Version
affected:
Serious php The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function. January 18, 2016, 23:01 pm
CVE-2015-6526
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace. August 31, 2015, 15:08 pm
CVE-2015-6525
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
High libevent Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via insanely large inputs to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) evbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. August 24, 2015, 09:08 am
CVE-2015-6496
5.0 MV Product/Version
affected:
Normal conntrack-tools conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. August 24, 2015, 09:08 am
CVE-2015-6252
2.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low kernel The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. October 19, 2015, 05:10 am
CVE-2015-6251
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium gnutls Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. August 24, 2015, 09:08 am
CVE-2015-6249
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6248
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6247
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6246
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6245
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6244
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal wireshark The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6243
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. August 24, 2015, 18:08 pm
CVE-2015-6242
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-6241
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 24, 2015, 18:08 pm
CVE-2015-5986
7.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
High bind openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. September 4, 2015, 21:09 pm
CVE-2015-5895
10.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical sqlite Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. September 18, 2015, 07:09 am
CVE-2015-5745
3.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Low qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 28, 2017, 18:07 pm
CVE-2015-5740
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Critical go The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. October 18, 2017, 15:10 pm
CVE-2015-5739
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Critical go The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by Content Length instead of Content-Length. October 18, 2017, 15:10 pm
CVE-2015-5738
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
software_development_kit The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. July 26, 2016, 12:07 pm
CVE-2015-5722
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 4.0 Resolved
CGX 2.0 Resolved
CGE 6.0 Resolved
High bind buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. September 4, 2015, 21:09 pm
CVE-2015-5707
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. October 19, 2015, 05:10 am
CVE-2015-5706
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
Medium kernel Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. August 31, 2015, 05:08 am
CVE-2015-5697
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Low kernel The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. August 31, 2015, 05:08 am
CVE-2015-5652
7.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious python Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." October 5, 2015, 20:10 pm
CVE-2015-5621
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious net-snmp The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. August 19, 2015, 10:08 am
CVE-2015-5602
7.2 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
Serious sudo sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by /home/*/*/file.txt. November 17, 2015, 09:11 am
CVE-2015-5600
8.5 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
High openssh The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. August 2, 2015, 20:08 pm
CVE-2015-5590
7.3 MV Product/Version
affected:
Serious php Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. January 18, 2016, 23:01 pm
CVE-2015-5589
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. May 16, 2016, 05:05 am
CVE-2015-5477
7.8 MV Product/Version
affected:
CGE 4.0 Resolved
CGE 6.0 Resolved
High bind named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. July 29, 2015, 09:07 am
CVE-2015-5400
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium squid Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. September 28, 2015, 15:09 pm
CVE-2015-5370
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
samba Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. April 24, 2016, 19:04 pm
CVE-2015-5366
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. August 31, 2015, 05:08 am
CVE-2015-5364
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. August 31, 2015, 05:08 am
CVE-2015-5352
4.3 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium openssh The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. August 2, 2015, 20:08 pm
CVE-2015-5343
7.6 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious subversion Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. April 14, 2016, 09:04 am
CVE-2015-5330
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
samba ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. December 29, 2015, 16:12 pm
CVE-2015-5327
4.0 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. September 25, 2017, 16:09 pm
CVE-2015-5316
5.9 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange. February 21, 2018, 10:02 am
CVE-2015-5315
5.9 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. February 21, 2018, 10:02 am
CVE-2015-5313
2.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low libvirt Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. April 11, 2016, 16:04 pm
CVE-2015-5312
7.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
High libxml2 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. December 15, 2015, 15:12 pm
CVE-2015-5307
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
Medium vm_virtualbox The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. November 16, 2015, 05:11 am
CVE-2015-5300
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). July 21, 2017, 09:07 am
CVE-2015-5299
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
samba The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. December 29, 2015, 16:12 pm
CVE-2015-5296
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
samba Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. December 29, 2015, 16:12 pm
CVE-2015-5292
6.8 MV Product/Version
affected:
Normal sssd Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. October 29, 2015, 11:10 am
CVE-2015-5289
6.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
Normal postgresql Multiple stack-based buffer overflows in json parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. October 26, 2015, 09:10 am
CVE-2015-5288
6.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 In progress
Normal postgresql The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a too-short salt. October 26, 2015, 09:10 am
CVE-2015-5283
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. October 19, 2015, 05:10 am
CVE-2015-5279
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
High qemu Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. September 28, 2015, 11:09 am
CVE-2015-5278
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. December 30, 2016, 08:12 am
CVE-2015-5277
7.2 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
Serious glibc The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. December 17, 2015, 13:12 pm
CVE-2015-5276
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
Medium gcc The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. November 17, 2015, 09:11 am
CVE-2015-5259
8.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious subversion Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. January 8, 2016, 13:01 pm
CVE-2015-5257
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
Medium kernel drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. November 16, 2015, 05:11 am
CVE-2015-5252
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
samba vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. December 29, 2015, 16:12 pm
CVE-2015-5247
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal libvirt The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. April 14, 2016, 10:04 am
CVE-2015-5229
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
kernel The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. April 8, 2016, 10:04 am
CVE-2015-5225
7.2 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High qemu Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. November 6, 2015, 15:11 pm
CVE-2015-5224
9.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
Critical util-linux The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. August 23, 2017, 10:08 am
CVE-2015-5219
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious ntp The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. July 21, 2017, 09:07 am
CVE-2015-5218
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Low util-linux Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. November 9, 2015, 10:11 am
CVE-2015-5195
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious ntp ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. July 21, 2017, 09:07 am
CVE-2015-5194
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious ntp The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. July 21, 2017, 09:07 am
CVE-2015-5180
7.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
Serious glibc res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). June 27, 2017, 15:06 pm
CVE-2015-5158
5.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal qemu Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block. April 11, 2016, 20:04 pm
CVE-2015-5157
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. August 31, 2015, 05:08 am
CVE-2015-5156
6.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. October 19, 2015, 05:10 am
CVE-2015-5154
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
Serious qemu Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. August 12, 2015, 09:08 am
CVE-2015-5146
5.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal ntp ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. August 24, 2017, 15:08 pm
CVE-2015-5073
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. December 13, 2016, 10:12 am
CVE-2015-4913
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. October 21, 2015, 19:10 pm
CVE-2015-4910
2.1 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. October 21, 2015, 19:10 pm
CVE-2015-4905
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. October 21, 2015, 19:10 pm
CVE-2015-4904
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. October 21, 2015, 19:10 pm
CVE-2015-4895
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. October 21, 2015, 18:10 pm
CVE-2015-4890
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. October 21, 2015, 18:10 pm
CVE-2015-4879
4.6 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. October 21, 2015, 18:10 pm
CVE-2015-4870
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. October 21, 2015, 18:10 pm
CVE-2015-4866
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. October 21, 2015, 18:10 pm
CVE-2015-4864
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. October 21, 2015, 18:10 pm
CVE-2015-4862
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. October 21, 2015, 18:10 pm
CVE-2015-4861
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. October 21, 2015, 18:10 pm
CVE-2015-4858
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. October 21, 2015, 18:10 pm
CVE-2015-4836
2.8 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. October 21, 2015, 18:10 pm
CVE-2015-4833
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. October 21, 2015, 18:10 pm
CVE-2015-4830
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. October 21, 2015, 16:10 pm
CVE-2015-4826
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. October 21, 2015, 16:10 pm
CVE-2015-4819
7.2 MV Product/Version
affected:
Serious mysql Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. October 21, 2015, 16:10 pm
CVE-2015-4816
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. October 21, 2015, 16:10 pm
CVE-2015-4815
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. October 21, 2015, 16:10 pm
CVE-2015-4807
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. October 21, 2015, 16:10 pm
CVE-2015-4802
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. October 21, 2015, 16:10 pm
CVE-2015-4800
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. October 21, 2015, 16:10 pm
CVE-2015-4792
1.7 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. October 21, 2015, 16:10 pm
CVE-2015-4791
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. October 21, 2015, 16:10 pm
CVE-2015-4772
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. July 16, 2015, 06:07 am
CVE-2015-4771
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR. July 16, 2015, 06:07 am
CVE-2015-4769
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767. July 16, 2015, 06:07 am
CVE-2015-4767
1.7 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769. July 16, 2015, 06:07 am
CVE-2015-4766
1.9 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. October 21, 2015, 16:10 pm
CVE-2015-4761
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. July 16, 2015, 06:07 am
CVE-2015-4757
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. July 16, 2015, 06:07 am
CVE-2015-4756
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439. July 16, 2015, 06:07 am
CVE-2015-4752
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. July 16, 2015, 06:07 am
CVE-2015-4737
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth. July 16, 2015, 06:07 am
CVE-2015-4730
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. October 21, 2015, 16:10 pm
CVE-2015-4700
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. August 31, 2015, 05:08 am
CVE-2015-4692
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. July 27, 2015, 05:07 am
CVE-2015-4652
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal wireshark epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. July 21, 2015, 20:07 pm
CVE-2015-4651
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. July 21, 2015, 20:07 pm
CVE-2015-4646
7.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Serious squashfs (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. April 13, 2017, 12:04 pm
CVE-2015-4645
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 1.8 Resolved
Normal squashfs Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. March 17, 2017, 09:03 am
CVE-2015-4644
7.5 MV Product/Version
affected:
Serious php The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. May 16, 2016, 05:05 am
CVE-2015-4643
7.5 MV Product/Version
affected:
php Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. May 16, 2016, 05:05 am
CVE-2015-4642
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. May 16, 2016, 05:05 am
CVE-2015-4625
4.6 MV Product/Version
affected:
Normal polkit Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. October 26, 2015, 14:10 pm
CVE-2015-4620
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
High bind name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. July 8, 2015, 09:07 am
CVE-2015-4605
7.5 MV Product/Version
affected:
Serious php The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a Python script text executable rule. May 16, 2016, 05:05 am
CVE-2015-4604
7.5 MV Product/Version
affected:
Serious php The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a Python script text executable rule. May 16, 2016, 05:05 am
CVE-2015-4603
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a type confusion issue. May 16, 2016, 05:05 am
CVE-2015-4602
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a type confusion issue. May 16, 2016, 05:05 am
CVE-2015-4601
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to type confusion issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. May 16, 2016, 05:05 am
CVE-2015-4600
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to type confusion issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods. May 16, 2016, 05:05 am
CVE-2015-4599
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a type confusion issue. May 16, 2016, 05:05 am
CVE-2015-4598
6.5 MV Product/Version
affected:
Normal php PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename.html attack that bypasses an intended configuration in which client users may write to only .html files. May 16, 2016, 05:05 am
CVE-2015-4491
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
Normal gdk-pixbuf Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. August 15, 2015, 20:08 pm
CVE-2015-4335
10.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical redis Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. June 9, 2015, 09:06 am
CVE-2015-4178
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h. May 2, 2016, 05:05 am
CVE-2015-4177
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. May 2, 2016, 05:05 am
CVE-2015-4176
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. May 2, 2016, 05:05 am
CVE-2015-4171
2.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low strongswan strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. June 10, 2015, 13:06 pm
CVE-2015-4170
4.7 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Medium kernel Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. May 2, 2016, 05:05 am
CVE-2015-4167
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. August 5, 2015, 13:08 pm
CVE-2015-4148
5.0 MV Product/Version
affected:
Normal php The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a type confusion issue. June 9, 2015, 13:06 pm
CVE-2015-4147
7.5 MV Product/Version
affected:
Serious php The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a type confusion issue. June 9, 2015, 13:06 pm
CVE-2015-4146
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. June 15, 2015, 10:06 am
CVE-2015-4145
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. June 15, 2015, 10:06 am
CVE-2015-4144
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wpa_supplicant The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. June 15, 2015, 10:06 am
CVE-2015-4143
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. June 15, 2015, 10:06 am
CVE-2015-4142
4.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. June 15, 2015, 10:06 am
CVE-2015-4141
4.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. June 15, 2015, 10:06 am
CVE-2015-4116
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation. May 16, 2016, 05:05 am
CVE-2015-4106
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious qemu QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. June 3, 2015, 15:06 pm
CVE-2015-4047
7.8 MV Product/Version
affected:
CGE 7.0 In progress
High ipsec-tools racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. May 29, 2015, 10:05 am
CVE-2015-4041
4.0 MV Product/Version
affected:
CGE 7.0 In progress
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. May 22, 2015, 10:05 am
CVE-2015-4037
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Low qemu The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. August 26, 2015, 14:08 pm
CVE-2015-4036
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
High kernel Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. August 31, 2015, 15:08 pm
CVE-2015-4035
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious xz scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. July 25, 2017, 13:07 pm
CVE-2015-4026
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High php The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. June 9, 2015, 13:06 pm
CVE-2015-4025
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High php PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. June 9, 2015, 13:06 pm
CVE-2015-4024
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium php Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. June 9, 2015, 13:06 pm
CVE-2015-4022
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High php Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. June 9, 2015, 13:06 pm
CVE-2015-4021
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium php The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. June 9, 2015, 13:06 pm
CVE-2015-4020
7.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 In progress
Serious ruby RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a DNS hijack attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900. August 25, 2015, 12:08 pm
CVE-2015-4004
8.5 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High kernel The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. June 7, 2015, 18:06 pm
CVE-2015-4003
7.8 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High kernel The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. June 7, 2015, 18:06 pm
CVE-2015-4002
9.0 MV Product/Version
affected:
CGX 1.8 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High kernel drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. June 7, 2015, 18:06 pm
CVE-2015-4001
9.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Critical kernel Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. June 7, 2015, 18:06 pm
CVE-2015-4000
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
safari The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the Logjam issue. May 20, 2015, 19:05 pm
CVE-2015-3991
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical strongswan strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. September 7, 2017, 15:09 pm
CVE-2015-3906
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium wireshark The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. May 26, 2015, 10:05 am
CVE-2015-3903
4.3 MV Product/Version
affected:
Normal phpmyadmin libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. May 26, 2015, 10:05 am
CVE-2015-3902
6.8 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. May 26, 2015, 10:05 am
CVE-2015-3900
5.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal ruby RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a DNS hijack attack. June 24, 2015, 09:06 am
CVE-2015-3815
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium wireshark The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. May 26, 2015, 10:05 am
CVE-2015-3814
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium wireshark The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3813
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium wireshark The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3812
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
High wireshark Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3811
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium wireshark epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. May 26, 2015, 10:05 am
CVE-2015-3810
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
High wireshark epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3809
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
High wireshark The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3808
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
High wireshark The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. May 26, 2015, 10:05 am
CVE-2015-3717
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
Serious sqlite Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. July 2, 2015, 21:07 pm
CVE-2015-3644
5.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal stunnel Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication. May 13, 2015, 19:05 pm
CVE-2015-3636
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGE 7.0 Resolved
Medium kernel The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. August 5, 2015, 20:08 pm
CVE-2015-3631
3.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Low docker Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. May 18, 2015, 10:05 am
CVE-2015-3630
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious docker Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. May 18, 2015, 10:05 am
CVE-2015-3627
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious docker Libcontainer and Docker Engine before 1.6.1 open the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. May 18, 2015, 10:05 am
CVE-2015-3622
4.3 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libtasn1 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. May 12, 2015, 14:05 pm
CVE-2015-3456
7.7 MV Product/Version
affected:
High qemu The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. May 13, 2015, 13:05 pm
CVE-2015-3455
2.6 MV Product/Version
affected:
CGE 7.0 Resolved
Low squid Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. May 18, 2015, 10:05 am
CVE-2015-3416
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious sqlite The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. April 24, 2015, 12:04 pm
CVE-2015-3415
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
Serious sqlite The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. April 24, 2015, 12:04 pm
CVE-2015-3414
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious sqlite SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. April 24, 2015, 12:04 pm
CVE-2015-3412
5.3 MV Product/Version
affected:
Normal php PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. May 16, 2016, 05:05 am
CVE-2015-3411
6.5 MV Product/Version
affected:
Normal php PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename.xml attack that bypasses an intended configuration in which client users may read only .xml files. May 16, 2016, 05:05 am
CVE-2015-3405
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. August 9, 2017, 11:08 am
CVE-2015-3362
3.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Low video Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title. April 21, 2015, 11:04 am
CVE-2015-3339
6.2 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. May 27, 2015, 05:05 am
CVE-2015-3332
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds. May 27, 2015, 05:05 am
CVE-2015-3331
9.3 MV Product/Version
affected:
CGE 7.0 Resolved
High kernel The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. May 27, 2015, 05:05 am
CVE-2015-3330
6.8 MV Product/Version
affected:
Normal php The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a deconfigured interpreter. June 9, 2015, 13:06 pm
CVE-2015-3329
7.5 MV Product/Version
affected:
Serious php Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. June 9, 2015, 13:06 pm
CVE-2015-3310
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal ppp Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. April 24, 2015, 09:04 am
CVE-2015-3308
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
High gnutls Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. September 2, 2015, 09:09 am
CVE-2015-3307
7.5 MV Product/Version
affected:
Serious php The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. June 9, 2015, 13:06 pm
CVE-2015-3306
10.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical proftpd The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. May 18, 2015, 10:05 am
CVE-2015-3294
6.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal dnsmasq The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. May 8, 2015, 09:05 am
CVE-2015-3291
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. August 31, 2015, 05:08 am
CVE-2015-3290
7.2 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. August 31, 2015, 05:08 am
CVE-2015-3288
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. October 16, 2016, 16:10 pm
CVE-2015-3276
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal openldap The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. December 7, 2015, 14:12 pm
CVE-2015-3256
4.6 MV Product/Version
affected:
Normal polkit PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to javascript rule evaluation. October 26, 2015, 14:10 pm
CVE-2015-3255
4.6 MV Product/Version
affected:
Normal polkit The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. October 26, 2015, 14:10 pm
CVE-2015-3253
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
groovy The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. August 13, 2015, 09:08 am
CVE-2015-3248
4.7 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal openhpi openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly set up, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). September 26, 2017, 10:09 am
CVE-2015-3246
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Serious libuser libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. August 11, 2015, 09:08 am
CVE-2015-3245
2.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low libuser Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field. August 11, 2015, 09:08 am
CVE-2015-3239
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Low libunwind Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. August 26, 2015, 14:08 pm
CVE-2015-3238
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
kernel The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. August 24, 2015, 09:08 am
CVE-2015-3237
6.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libcurl curl The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. June 22, 2015, 14:06 pm
CVE-2015-3236
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libcurl curl cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. June 22, 2015, 14:06 pm
CVE-2015-3228
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
Normal ghostscript Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. August 11, 2015, 09:08 am
CVE-2015-3223
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
samba The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. December 29, 2015, 16:12 pm
CVE-2015-3218
2.1 MV Product/Version
affected:
Low polkit The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. October 26, 2015, 14:10 pm
CVE-2015-3217
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\.|([^\\W_])?)+)+$/. December 13, 2016, 10:12 am
CVE-2015-3216
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
Normal openssl Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. July 7, 2015, 05:07 am
CVE-2015-3214
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal linux_kernel qemu The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. August 31, 2015, 05:08 am
CVE-2015-3213
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious clutter The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures. August 12, 2015, 09:08 am
CVE-2015-3212
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. August 31, 2015, 05:08 am
CVE-2015-3210
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. December 13, 2016, 10:12 am
CVE-2015-3209
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High junos_space Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. June 15, 2015, 10:06 am
CVE-2015-3202
3.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Low fuse fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. July 2, 2015, 16:07 pm
CVE-2015-3200
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious lighttpd mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. June 9, 2015, 09:06 am
CVE-2015-3197
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
openssl ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. February 14, 2016, 20:02 pm
CVE-2015-3196
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
Normal openssl ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. December 6, 2015, 14:12 pm
CVE-2015-3195
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
openssl The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. December 6, 2015, 14:12 pm
CVE-2015-3194
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
openssl crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. December 6, 2015, 14:12 pm
CVE-2015-3193
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Medium openssl The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. December 6, 2015, 14:12 pm
CVE-2015-3187
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Medium subversion The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. August 12, 2015, 09:08 am
CVE-2015-3185
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium appache The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. July 20, 2015, 18:07 pm
CVE-2015-3184
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium subversion mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. August 12, 2015, 09:08 am
CVE-2015-3183
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal apache2 The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c. July 20, 2015, 18:07 pm
CVE-2015-3182
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
wireshark epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 3, 2016, 23:01 pm
CVE-2015-3170
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal selinux selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. July 21, 2017, 09:07 am
CVE-2015-3165
4.3 MV Product/Version
affected:
CGE 6.0 Resolved
Normal postgresql Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. May 28, 2015, 09:05 am
CVE-2015-3153
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libcurl curl The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. May 1, 2015, 10:05 am
CVE-2015-3152
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal mysql mariadb Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a BACKRONYM attack. May 16, 2016, 05:05 am
CVE-2015-3148
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
Normal libcurl curl cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. April 24, 2015, 09:04 am
CVE-2015-3145
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious libcurl curl The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. April 24, 2015, 09:04 am
CVE-2015-3144
9.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Critical libcurl curl The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by http://:80 and :80. April 24, 2015, 09:04 am
CVE-2015-3143
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libcurl curl cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. April 24, 2015, 09:04 am
CVE-2015-3138
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). September 27, 2017, 20:09 pm
CVE-2015-3112
10.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical bridge Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. June 24, 2015, 05:06 am
CVE-2015-3111
10.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical bridge Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. June 24, 2015, 05:06 am
CVE-2015-3110
10.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical bridge Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. June 24, 2015, 05:06 am
CVE-2015-2987
2.6 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low ed Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits. August 28, 2015, 10:08 am
CVE-2015-2925
6.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a double-chroot attack. November 16, 2015, 05:11 am
CVE-2015-2922
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Professional PRO 5.0 Resolved
Low kernel The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. May 27, 2015, 05:05 am
CVE-2015-2877
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Low kernel ** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities. March 3, 2017, 05:03 am
CVE-2015-2830
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
Low kernel arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. May 27, 2015, 05:05 am
CVE-2015-2806
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical libtasn1 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. April 10, 2015, 10:04 am
CVE-2015-2787
7.5 MV Product/Version
affected:
Serious php Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. March 30, 2015, 05:03 am
CVE-2015-2783
5.8 MV Product/Version
affected:
Normal php ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. June 9, 2015, 13:06 pm
CVE-2015-2781
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium hotex_billing_manager Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. April 14, 2015, 09:04 am
CVE-2015-2730
7.1 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious nss Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. July 5, 2015, 21:07 pm
CVE-2015-2721
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium nss Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a SMACK SKIP-TLS issue. July 5, 2015, 21:07 pm
CVE-2015-2686
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. May 2, 2016, 05:05 am
CVE-2015-2672
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. May 2, 2016, 05:05 am
CVE-2015-2666
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. May 27, 2015, 05:05 am
CVE-2015-2661
2.1 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client. July 16, 2015, 06:07 am
CVE-2015-2648
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. July 16, 2015, 06:07 am
CVE-2015-2643
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. July 16, 2015, 06:07 am
CVE-2015-2641
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. July 16, 2015, 06:07 am
CVE-2015-2639
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall. July 16, 2015, 06:07 am
CVE-2015-2620
4.3 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. July 16, 2015, 05:07 am
CVE-2015-2617
6.5 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. July 16, 2015, 05:07 am
CVE-2015-2611
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. July 16, 2015, 05:07 am
CVE-2015-2582
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. July 16, 2015, 05:07 am
CVE-2015-2576
2.1 MV Product/Version
affected:
Low mysql Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. April 16, 2015, 12:04 pm
CVE-2015-2575
4.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. April 16, 2015, 12:04 pm
CVE-2015-2573
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. April 16, 2015, 12:04 pm
CVE-2015-2571
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. April 16, 2015, 12:04 pm
CVE-2015-2568
5.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. April 16, 2015, 12:04 pm
CVE-2015-2567
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. April 16, 2015, 12:04 pm
CVE-2015-2566
2.8 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. April 16, 2015, 12:04 pm
CVE-2015-2535
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium samba Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka Active Directory Denial of Service Vulnerability. September 8, 2015, 19:09 pm
CVE-2015-2348
5.0 MV Product/Version
affected:
Normal php The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. March 30, 2015, 05:03 am
CVE-2015-2331
7.5 MV Product/Version
affected:
Serious php Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. March 30, 2015, 05:03 am
CVE-2015-2328
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High pcre PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-2327
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
High pcre PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. December 1, 2015, 19:12 pm
CVE-2015-2304
6.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
Normal libarchive Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. March 15, 2015, 14:03 pm
CVE-2015-2301
7.5 MV Product/Version
affected:
Serious php Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. March 30, 2015, 05:03 am
CVE-2015-2282
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious gui Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. June 2, 2015, 09:06 am
CVE-2015-2278
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal gui The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. June 2, 2015, 09:06 am
CVE-2015-2265
5.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal cups The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. March 24, 2015, 12:03 pm
CVE-2015-2214
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal netcat NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. March 5, 2015, 09:03 am
CVE-2015-2206
5.0 MV Product/Version
affected:
Normal phpmyadmin libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. March 9, 2015, 12:03 pm
CVE-2015-2192
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. March 7, 2015, 20:03 pm
CVE-2015-2191
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. March 7, 2015, 20:03 pm
CVE-2015-2190
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. March 7, 2015, 20:03 pm
CVE-2015-2189
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. March 7, 2015, 20:03 pm
CVE-2015-2188
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium wireshark epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. March 7, 2015, 20:03 pm
CVE-2015-2187
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. March 7, 2015, 20:03 pm
CVE-2015-2171
7.5 MV Product/Version
affected:
Serious slim Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. March 30, 2015, 09:03 am
CVE-2015-2155
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High tcpdump The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. March 24, 2015, 12:03 pm
CVE-2015-2154
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium tcpdump The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. March 24, 2015, 12:03 pm
CVE-2015-2153
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium tcpdump The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). March 24, 2015, 12:03 pm
CVE-2015-2150
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. March 12, 2015, 09:03 am
CVE-2015-2059
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High libidn The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. August 12, 2015, 09:08 am
CVE-2015-2042
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium kernel net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. April 21, 2015, 05:04 am
CVE-2015-2041
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. April 21, 2015, 05:04 am
CVE-2015-1867
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious pacemaker Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. August 12, 2015, 09:08 am
CVE-2015-1865
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal coreutils fts.c in coreutils 8.4 allows local users to delete arbitrary files. September 20, 2017, 13:09 pm
CVE-2015-1863
5.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. April 28, 2015, 09:04 am
CVE-2015-1860
6.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 In progress
Normal qt Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. May 12, 2015, 14:05 pm
CVE-2015-1859
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal qt Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. May 12, 2015, 14:05 pm
CVE-2015-1858
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal qt Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. May 12, 2015, 14:05 pm
CVE-2015-1843
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal docker The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. April 6, 2015, 10:04 am
CVE-2015-1819
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium libxml The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. August 14, 2015, 13:08 pm
CVE-2015-1805
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
CGE 4.0 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
MVL6 Kernel 2.6.32 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
High kernel The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an I/O vector array overrun. August 8, 2015, 05:08 am
CVE-2015-1804
8.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious libxfont The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. March 20, 2015, 09:03 am
CVE-2015-1803
8.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious libxfont The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. March 20, 2015, 09:03 am
CVE-2015-1802
8.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious libxfont The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. March 20, 2015, 09:03 am
CVE-2015-1799
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium ntp The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. April 8, 2015, 05:04 am
CVE-2015-1798
1.8 MV Product/Version
affected:
CGE 7.0 Resolved
Low ntp The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. April 8, 2015, 05:04 am
CVE-2015-1794
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal openssl The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message. December 6, 2015, 14:12 pm
CVE-2015-1793
6.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
openssl The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. July 9, 2015, 14:07 pm
CVE-2015-1792
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. June 12, 2015, 14:06 pm
CVE-2015-1791
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium openssl Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. June 12, 2015, 14:06 pm
CVE-2015-1790
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. June 12, 2015, 14:06 pm
CVE-2015-1789
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
openssl The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. June 12, 2015, 14:06 pm
CVE-2015-1788
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium openssl The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. June 12, 2015, 14:06 pm
CVE-2015-1787
2.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Low openssl The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. March 19, 2015, 17:03 pm
CVE-2015-1781
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium glibc Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. September 28, 2015, 15:09 pm
CVE-2015-1779
8.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious qemu The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. January 12, 2016, 13:01 pm
CVE-2015-1773
4.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal flex Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. April 7, 2015, 20:04 pm
CVE-2015-1612
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious openflow OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka LLDP Relay. April 4, 2017, 12:04 pm
CVE-2015-1611
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious openflow OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to fake LLDP injection. April 4, 2017, 12:04 pm
CVE-2015-1593
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. March 16, 2015, 05:03 am
CVE-2015-1573
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. May 2, 2016, 05:05 am
CVE-2015-1572
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
Medium e2fsprogs Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. February 24, 2015, 09:02 am
CVE-2015-1546
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal openldap Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. February 12, 2015, 10:02 am
CVE-2015-1545
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal openldap The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. February 12, 2015, 10:02 am
CVE-2015-1473
6.4 MV Product/Version
affected:
CGE 7.0 Resolved
Medium glibc The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. April 8, 2015, 05:04 am
CVE-2015-1472
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High glibc The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. April 8, 2015, 05:04 am
CVE-2015-1465
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
High kernel The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. April 5, 2015, 16:04 pm
CVE-2015-1421
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
High kernel Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. March 16, 2015, 05:03 am
CVE-2015-1420
1.9 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low kernel Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. March 16, 2015, 05:03 am
CVE-2015-1419
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal vsftpd Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. January 28, 2015, 05:01 am
CVE-2015-1395
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Serious patch Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. August 25, 2017, 13:08 pm
CVE-2015-1379
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Serious socat The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). June 8, 2017, 16:06 pm
CVE-2015-1352
5.0 MV Product/Version
affected:
Normal php The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. March 30, 2015, 05:03 am
CVE-2015-1351
7.5 MV Product/Version
affected:
Serious php Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. March 30, 2015, 05:03 am
CVE-2015-1350
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. May 2, 2016, 05:05 am
CVE-2015-1349
5.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
Medium bind named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. February 18, 2015, 21:02 pm
CVE-2015-1345
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low grep The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. February 12, 2015, 10:02 am
CVE-2015-1339
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. April 27, 2016, 12:04 pm
CVE-2015-1335
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious lxc lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. October 1, 2015, 15:10 pm
CVE-2015-1334
4.6 MV Product/Version
affected:
Normal lxc attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. August 12, 2015, 09:08 am
CVE-2015-1333
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. August 31, 2015, 05:08 am
CVE-2015-1331
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal lxc lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. August 12, 2015, 09:08 am
CVE-2015-1328
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. November 27, 2016, 21:11 pm
CVE-2015-1315
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High unzip Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. February 23, 2015, 11:02 am
CVE-2015-1283
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
Medium chrome Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. July 22, 2015, 19:07 pm
CVE-2015-1212
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. February 6, 2015, 05:02 am
CVE-2015-1211
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. February 6, 2015, 05:02 am
CVE-2015-1210
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. February 6, 2015, 05:02 am
CVE-2015-1209
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. February 6, 2015, 05:02 am
CVE-2015-1197
1.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low cpio cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. February 19, 2015, 09:02 am
CVE-2015-1196
4.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Normal patch GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. January 21, 2015, 12:01 pm
CVE-2015-1194
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal pax pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. January 21, 2015, 12:01 pm
CVE-2015-1193
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal pax Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. January 21, 2015, 12:01 pm
CVE-2015-1191
5.0 MV Product/Version
affected:
Normal pigz Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. January 21, 2015, 12:01 pm
CVE-2015-1159
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Normal cups Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. June 26, 2015, 05:06 am
CVE-2015-1158
10.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical cups The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. June 26, 2015, 05:06 am
CVE-2015-1142857
8.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious dpdk On multiple SR-IOV cards it is possible for VFs assigned to guests to send Ethernet flow control pause frames via the PF. This includes the Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5, and DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0; additionally, multiple vendor NIC firmware is affected. January 23, 2018, 08:01 am
CVE-2015-0973
7.5 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 4.0 Resolved
High libpng Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. January 18, 2015, 12:01 pm
CVE-2015-0881
4.3 MV Product/Version
affected:
Normal squid CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. February 20, 2015, 05:02 am
CVE-2015-0860
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High dpkg Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an old-style Debian binary package, which triggers a stack-based buffer overflow. December 3, 2015, 14:12 pm
CVE-2015-0847
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Serious nbd nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. May 29, 2015, 10:05 am
CVE-2015-0840
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Normal dpkg The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). April 13, 2015, 09:04 am
CVE-2015-0797
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal linux_kernel gstreamer GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. May 14, 2015, 05:05 am
CVE-2015-0573
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Critical kernel drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call. August 7, 2016, 16:08 pm
CVE-2015-0572
9.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Critical kernel Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call. October 10, 2016, 05:10 am
CVE-2015-0571
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. May 9, 2016, 05:05 am
CVE-2015-0570
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. May 9, 2016, 05:05 am
CVE-2015-0569
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter. May 9, 2016, 05:05 am
CVE-2015-0568
8.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. August 7, 2016, 16:08 pm
CVE-2015-0564
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. January 9, 2015, 20:01 pm
CVE-2015-0563
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 9, 2015, 20:01 pm
CVE-2015-0562
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. January 9, 2015, 20:01 pm
CVE-2015-0561
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. January 9, 2015, 20:01 pm
CVE-2015-0560
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. January 9, 2015, 20:01 pm
CVE-2015-0559
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. January 9, 2015, 20:01 pm
CVE-2015-0511
2.8 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. April 16, 2015, 11:04 am
CVE-2015-0508
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506. April 16, 2015, 11:04 am
CVE-2015-0507
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. April 16, 2015, 11:04 am
CVE-2015-0506
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508. April 16, 2015, 11:04 am
CVE-2015-0505
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. April 16, 2015, 11:04 am
CVE-2015-0503
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. April 16, 2015, 11:04 am
CVE-2015-0501
5.7 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. April 16, 2015, 11:04 am
CVE-2015-0500
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. April 16, 2015, 11:04 am
CVE-2015-0499
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. April 16, 2015, 11:04 am
CVE-2015-0498
1.7 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. April 16, 2015, 11:04 am
CVE-2015-0441
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. April 16, 2015, 11:04 am
CVE-2015-0439
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. April 16, 2015, 11:04 am
CVE-2015-0438
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. April 16, 2015, 11:04 am
CVE-2015-0433
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. April 16, 2015, 11:04 am
CVE-2015-0432
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. January 21, 2015, 13:01 pm
CVE-2015-0423
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. April 16, 2015, 11:04 am
CVE-2015-0411
7.5 MV Product/Version
affected:
Serious mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. January 21, 2015, 13:01 pm
CVE-2015-0409
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. January 21, 2015, 12:01 pm
CVE-2015-0405
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA. April 16, 2015, 11:04 am
CVE-2015-0391
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. January 21, 2015, 12:01 pm
CVE-2015-0385
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth. January 21, 2015, 12:01 pm
CVE-2015-0382
4.3 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. January 21, 2015, 12:01 pm
CVE-2015-0381
4.3 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. January 21, 2015, 12:01 pm
CVE-2015-0374
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. January 21, 2015, 12:01 pm
CVE-2015-0312
10.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical kernel Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. January 28, 2015, 16:01 pm
CVE-2015-0295
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 In progress
Normal qt The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. March 25, 2015, 09:03 am
CVE-2015-0293
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium openssl The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. March 19, 2015, 17:03 pm
CVE-2015-0292
7.5 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
High openssl Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. March 19, 2015, 17:03 pm
CVE-2015-0291
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. March 19, 2015, 17:03 pm
CVE-2015-0290
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. March 19, 2015, 17:03 pm
CVE-2015-0289
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. March 19, 2015, 17:03 pm
CVE-2015-0288
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium openssl The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. March 19, 2015, 17:03 pm
CVE-2015-0287
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. March 19, 2015, 17:03 pm
CVE-2015-0286
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium openssl The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. March 19, 2015, 17:03 pm
CVE-2015-0285
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack. March 19, 2015, 17:03 pm
CVE-2015-0282
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Medium gnutls GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. March 24, 2015, 12:03 pm
CVE-2015-0275
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. October 19, 2015, 05:10 am
CVE-2015-0274
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
High kernel The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. March 16, 2015, 05:03 am
CVE-2015-0273
7.5 MV Product/Version
affected:
Serious php Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. March 30, 2015, 05:03 am
CVE-2015-0267
3.6 MV Product/Version
affected:
CGE 7.0 Resolved
Low kexec-tools The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. May 19, 2015, 13:05 pm
CVE-2015-0261
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High tcpdump Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. March 24, 2015, 12:03 pm
CVE-2015-0255
3.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Low xorg-xserver X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. February 13, 2015, 09:02 am
CVE-2015-0253
2.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low apache2 The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. July 20, 2015, 18:07 pm
CVE-2015-0252
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal xerces-c internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. March 24, 2015, 12:03 pm
CVE-2015-0251
4.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal subversion The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences. April 8, 2015, 13:04 pm
CVE-2015-0248
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal subversion The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. April 8, 2015, 13:04 pm
CVE-2015-0247
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
Medium e2fsprogs Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. February 17, 2015, 09:02 am
CVE-2015-0245
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
Low d-bus D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. February 13, 2015, 09:02 am
CVE-2015-0240
10.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High samba The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. February 23, 2015, 19:02 pm
CVE-2015-0239
4.7 MV Product/Version
affected:
CGX 1.8 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium kernel The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. March 2, 2015, 05:03 am
CVE-2015-0236
3.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low libvirt libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. January 29, 2015, 09:01 am
CVE-2015-0235
10.0 MV Product/Version
affected:
CGE 4.0 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGE 3.1 Resolved
CGE 4.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 6.0 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 6.0 Resolved
High glibc Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka GHOST. January 28, 2015, 13:01 pm
CVE-2015-0232
6.8 MV Product/Version
affected:
Normal php The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. January 27, 2015, 14:01 pm
CVE-2015-0231
7.5 MV Product/Version
affected:
Serious php Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. January 27, 2015, 14:01 pm
CVE-2015-0228
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
Normal accel-ppp The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. March 7, 2015, 20:03 pm
CVE-2015-0210
5.9 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. August 28, 2017, 10:08 am
CVE-2015-0209
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. March 19, 2015, 17:03 pm
CVE-2015-0208
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. March 19, 2015, 17:03 pm
CVE-2015-0207
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server. March 19, 2015, 17:03 pm
CVE-2015-0206
5.0 MV Product/Version
affected:
Medium openssl Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. January 8, 2015, 20:01 pm
CVE-2015-0205
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium openssl The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. January 8, 2015, 20:01 pm
CVE-2015-0204
4.3 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Medium openssl The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. January 8, 2015, 20:01 pm
CVE-2015-0202
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
Serious subversion The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. April 8, 2015, 13:04 pm
CVE-2015-0005
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Medium samba The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka NETLOGON Spoofing Vulnerability. March 11, 2015, 05:03 am