Skip to main content
CVE-2015-5165 CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora Linux Enterprise Debuginfo Linux Enterprise Server +20
NVD
CVSS 2.0
9.3
EPSS
13.2%
CVE-2015-3213 HIGH POC This Week

The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Clutter
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-7443 MEDIUM POC This Month

Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Sqlite
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2015-1331 MEDIUM POC This Month

lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lxc
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2015-3184 MEDIUM This Month

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0% and no vendor patch available.

Information Disclosure Apache Xcode Subversion
NVD
CVSS 2.0
5.0
EPSS
17.0%
CVE-2015-5718 MEDIUM POC This Month

Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Content Gateway
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2015-2059 HIGH PATCH This Week

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libidn Opensuse Fedora
NVD GitHub
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-1867 HIGH This Week

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Linux High Availability Enterprise Linux Resilient Storage Pacemaker
NVD GitHub
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-5154 HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen Linux Enterprise Debuginfo Linux Enterprise Desktop +5
NVD
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-5166 HIGH PATCH This Week

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Fedora Xen
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3283 MEDIUM This Month

OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Openafs
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-2058 MEDIUM This Month

c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jabberd2
NVD GitHub
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-0851 MEDIUM This Month

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xmltooling
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-1334 MEDIUM This Month

attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lxc
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3286 MEDIUM This Month

Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Openafs
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3282 MEDIUM This Month

vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Openafs
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3908 MEDIUM PATCH This Month

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Ansible
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-3187 MEDIUM This Month

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Subversion Xcode
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2015-3285 LOW Monitor

The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Openafs
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-3284 LOW Monitor

pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openafs
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy