Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7553 | 1 Redhat | 3 Enterprise Linux, Enterprise Mrg, Kernel-rt | 2023-02-12 | 4.7 MEDIUM | 4.7 MEDIUM |
| Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. | |||||
| CVE-2015-8504 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 3.5 LOW | 6.5 MEDIUM |
| Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. | |||||
| CVE-2015-8745 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. | |||||
| CVE-2015-8744 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. | |||||
| CVE-2015-8970 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. | |||||
| CVE-2015-8324 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 4.6 MEDIUM |
| The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. | |||||
| CVE-2015-8660 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | 6.7 MEDIUM |
| The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | |||||
| CVE-2015-7872 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 2.1 LOW | N/A |
| The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | |||||
| CVE-2015-7713 | 1 Openstack | 1 Nova | 2023-02-12 | 5.0 MEDIUM | N/A |
| OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. | |||||
| CVE-2015-7529 | 3 Canonical, Redhat, Sos Project | 8 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | |||||
| CVE-2015-7549 | 1 Qemu | 1 Qemu | 2023-02-12 | 2.1 LOW | 6.0 MEDIUM |
| The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. | |||||
| CVE-2015-7544 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-02-12 | 9.0 HIGH | 9.1 CRITICAL |
| redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. | |||||
| CVE-2015-7512 | 4 Debian, Oracle, Qemu and 1 more | 9 Debian Linux, Linux, Qemu and 6 more | 2023-02-12 | 6.8 MEDIUM | 9.0 CRITICAL |
| Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. | |||||
| CVE-2015-7509 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 4.4 MEDIUM |
| fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | |||||
| CVE-2015-7504 | 3 Debian, Qemu, Xen | 3 Debian Linux, Qemu, Xen | 2023-02-12 | 4.6 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | |||||
| CVE-2015-7502 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2023-02-12 | 1.9 LOW | 5.1 MEDIUM |
| Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. | |||||
| CVE-2015-5329 | 1 Redhat | 1 Openstack | 2023-02-12 | 7.5 HIGH | 7.3 HIGH |
| The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | |||||
| CVE-2015-5313 | 1 Redhat | 1 Libvirt | 2023-02-12 | 1.9 LOW | 2.5 LOW |
| Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. | |||||
| CVE-2015-5295 | 4 Fedoraproject, Openstack, Oracle and 1 more | 4 Fedora, Orchestration Api, Solaris and 1 more | 2023-02-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero. | |||||
| CVE-2015-7500 | 6 Apple, Canonical, Debian and 3 more | 13 Iphone Os, Mac Os X, Tvos and 10 more | 2023-02-12 | 5.0 MEDIUM | N/A |
| The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | |||||