Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-0240 | 10.0 |
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execu
|
13-02-2023 - 00:45 | 24-02-2015 - 01:59 | |
CVE-2015-0239 | 4.4 |
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering u
|
13-02-2023 - 00:45 | 02-03-2015 - 11:59 | |
CVE-2014-8160 | 5.0 |
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass in
|
13-02-2023 - 00:43 | 02-03-2015 - 11:59 | |
CVE-2014-7822 | 7.2 |
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unsp
|
13-02-2023 - 00:42 | 16-03-2015 - 10:59 | |
CVE-2015-1421 | 10.0 |
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by tri
|
03-11-2022 - 20:23 | 16-03-2015 - 10:59 | |
CVE-2014-8559 | 4.9 |
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
|
13-08-2020 - 17:42 | 10-11-2014 - 11:55 | |
CVE-2014-9585 | 2.1 |
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the
|
21-05-2020 - 20:35 | 09-01-2015 - 21:59 | |
CVE-2014-9644 | 2.1 |
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes)
|
21-05-2020 - 13:11 | 02-03-2015 - 11:59 | |
CVE-2013-7421 | 2.1 |
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.
|
19-05-2020 - 14:32 | 02-03-2015 - 11:59 | |
CVE-2015-1414 | 7.8 |
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of
|
30-05-2019 - 14:57 | 27-02-2015 - 15:59 | |
CVE-2015-0831 | 6.8 |
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a d
|
22-04-2019 - 17:48 | 25-02-2015 - 11:59 | |
CVE-2014-9679 | 6.8 |
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
|
30-10-2018 - 16:27 | 19-02-2015 - 15:59 | |
CVE-2015-1593 | 5.0 |
The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predictin
|
05-01-2018 - 02:30 | 16-03-2015 - 10:59 | |
CVE-2003-0195 | 5.0 |
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2015-2091 | 5.0 |
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.
|
19-09-2017 - 01:36 | 13-03-2015 - 14:59 | |
CVE-2015-1420 | 1.9 |
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of
|
28-12-2016 - 02:59 | 16-03-2015 - 10:59 | |
CVE-2014-9683 | 3.6 |
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain pri
|
24-12-2016 - 02:59 | 03-03-2015 - 11:59 | |
CVE-2015-0836 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
|
24-12-2016 - 02:59 | 25-02-2015 - 11:59 | |
CVE-2015-0822 | 4.3 |
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.
|
24-12-2016 - 02:59 | 25-02-2015 - 11:59 | |
CVE-2015-0827 | 4.3 |
Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via
|
24-12-2016 - 02:59 | 25-02-2015 - 11:59 | |
CVE-2014-9472 | 7.1 |
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
|
23-08-2016 - 17:45 | 09-03-2015 - 14:59 | |
CVE-2015-1165 | 5.0 |
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
|
28-10-2015 - 02:16 | 09-03-2015 - 14:59 | |
CVE-2015-1464 | 6.4 |
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
|
28-10-2015 - 02:15 | 09-03-2015 - 14:59 | |
CVE-2015-2063 | 4.3 |
Integer overflow in unace 1.2b allows remote attackers to cause a denial of service (crash) via a small file header in an ace archive, which triggers a buffer overflow.
|
09-04-2015 - 18:23 | 09-03-2015 - 14:59 |