Search Results (322822 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1869 1 Redhat 2 Automatic Bug Reporting Tool, Enterprise Linux 2024-11-21 7.8 High
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
CVE-2015-1862 1 Abrt Project 1 Abrt 2024-11-21 N/A
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment.
CVE-2015-1857 1 Linuxfoundation 1 Opendaylight 2024-11-21 5.3 Medium
The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions.
CVE-2015-1855 3 Debian, Puppet, Ruby-lang 5 Debian Linux, Puppet Agent, Puppet Enterprise and 2 more 2024-11-21 5.9 Medium
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
CVE-2015-1853 2 Redhat, Tuxfamily 2 Enterprise Linux, Chrony 2024-11-21 6.5 Medium
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
CVE-2015-1811 2 Jenkins, Redhat 2 Cloudbees, Openshift 2024-11-21 7.5 High
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
CVE-2015-1809 2 Jenkins, Redhat 2 Cloudbees, Openshift 2024-11-21 7.5 High
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
CVE-2015-1785 1 Imagely 1 Nextgen Gallery 2024-11-21 6.5 Medium
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
CVE-2015-1784 1 Imagely 1 Nextgen Gallery 2024-11-21 8.8 High
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
CVE-2015-1780 1 Redhat 2 Ovirt-engine, Virtualization 2024-11-21 6.5 Medium
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data center.
CVE-2015-1777 1 Redhat 3 Enterprise Linux, Gluster Storage, Rhn-client-tools 2024-11-21 N/A
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.
CVE-2015-1607 2 Canonical, Gnupg 2 Ubuntu Linux, Gnupg 2024-11-21 5.5 Medium
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
CVE-2015-1606 2 Debian, Gnupg 2 Debian Linux, Gnupg 2024-11-21 5.5 Medium
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
CVE-2015-1583 1 Atutor 1 Atutor 2024-11-21 8.8 High
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.
CVE-2015-1530 1 Google 1 Android 2024-11-21 7.8 High
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size.
CVE-2015-1525 1 Google 1 Android 2024-11-21 5.5 Medium
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.
CVE-2015-1503 1 Icewarp 1 Mail Server 2024-11-21 N/A
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
CVE-2015-1425 1 Jakweb 1 Gecko Cms 2024-11-21 9.8 Critical
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities
CVE-2015-1418 1 Freebsd 1 Freebsd 2024-11-21 N/A
The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program.
CVE-2015-1416 1 Freebsd 1 Freebsd 2024-11-21 N/A
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.