VYPR

Fedora

by Fedoraproject

CVEs (790)

  • CVE-2015-3885 (May 19, 2015)
    risk 0.00 cvss epss 0.05

    Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

  • CVE-2015-0278 (May 18, 2015)
    risk 0.00 cvss epss 0.03

    libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

  • CVE-2015-3451 (May 12, 2015)
    risk 0.00 cvss epss 0.04

    The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

  • CVE-2015-3340 (Apr 28, 2015)
    risk 0.00 cvss epss 0.01

    Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

  • CVE-2015-0844 (Apr 14, 2015)
    risk 0.00 cvss epss 0.02

    The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.

  • CVE-2015-2782 (Apr 8, 2015)
    risk 0.00 cvss epss 0.06

    Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

  • CVE-2015-0557 (Apr 8, 2015)
    risk 0.00 cvss epss 0.03

    Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

  • CVE-2015-0556 (Apr 8, 2015)
    risk 0.00 cvss epss 0.04

    Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

  • CVE-2015-2756 (Apr 1, 2015)
    risk 0.00 cvss epss 0.00

    QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express…

  • CVE-2015-2752 (Apr 1, 2015)
    risk 0.00 cvss epss 0.00

    The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

  • CVE-2015-2751 (Apr 1, 2015)
    risk 0.00 cvss epss 0.02

    Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.

  • CVE-2015-1827 (Mar 30, 2015)
    risk 0.00 cvss epss 0.03

    The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number…

  • CVE-2015-1609 (Mar 30, 2015)
    risk 0.00 cvss epss 0.03

    MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.

  • CVE-2015-2157 (Mar 27, 2015)
    risk 0.00 cvss epss 0.01

    The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

  • CVE-2015-2317 (Mar 25, 2015)
    risk 0.00 cvss epss 0.05

    The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as…

  • CVE-2015-2316 (Mar 25, 2015)
    risk 0.00 cvss epss 0.05

    The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

  • CVE-2015-0252 (Mar 24, 2015)
    risk 0.00 cvss epss 0.40

    internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

  • CVE-2015-2152 (Mar 18, 2015)
    risk 0.00 cvss epss 0.00

    Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when…

  • CVE-2015-0778 (Mar 16, 2015)
    risk 0.00 cvss epss 0.04

    osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

  • CVE-2015-1782 (Mar 13, 2015)
    risk 0.00 cvss epss 0.04

    The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
