Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 4203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8899 2 Canonical, Thekelleys 2 Ubuntu Linux, Dnsmasq 2024-11-21 5.0 MEDIUM 7.5 HIGH
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
CVE-2015-8872 3 Canonical, Dosfstools Project, Opensuse 4 Ubuntu Linux, Dosfstools, Leap and 1 more 2024-11-21 2.1 LOW 6.2 MEDIUM
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
CVE-2015-8868 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 9.3 HIGH 7.8 HIGH
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
CVE-2015-8867 2 Canonical, Php 2 Ubuntu Linux, Php 2024-11-21 5.0 MEDIUM 7.5 HIGH
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-2015-8866 4 Canonical, Opensuse, Php and 1 more 6 Ubuntu Linux, Leap, Opensuse and 3 more 2024-11-21 6.8 MEDIUM 9.6 CRITICAL
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
CVE-2015-8839 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 1.9 LOW 5.1 MEDIUM
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.
CVE-2015-8812 3 Canonical, Linux, Novell 3 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Real Time Extension 2024-11-21 10.0 HIGH 9.8 CRITICAL
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
CVE-2015-8806 3 Canonical, Debian, Xmlsoft 3 Ubuntu Linux, Debian Linux, Libxml2 2024-11-21 5.0 MEDIUM 7.5 HIGH
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
CVE-2015-8805 3 Canonical, Nettle Project, Opensuse 4 Ubuntu Linux, Nettle, Leap and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
CVE-2015-8804 3 Canonical, Nettle Project, Opensuse 4 Ubuntu Linux, Nettle, Leap and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-8803 3 Canonical, Nettle Project, Opensuse 4 Ubuntu Linux, Nettle, Leap and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
CVE-2015-8779 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2015-8778 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
CVE-2015-8776 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2015-8768 2 Canonical, Click Project 2 Ubuntu Linux, Click 2024-11-21 7.5 HIGH 9.8 CRITICAL
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.
CVE-2015-8767 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 4.9 MEDIUM 6.2 MEDIUM
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
CVE-2015-8607 3 Canonical, Debian, Perl 3 Ubuntu Linux, Debian Linux, Pathtools 2024-11-21 7.5 HIGH 7.3 HIGH
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
CVE-2015-8605 4 Canonical, Debian, Isc and 1 more 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more 2024-11-21 5.7 MEDIUM 6.5 MEDIUM
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
CVE-2015-8567 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 6.8 MEDIUM 7.7 HIGH
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-8560 3 Canonical, Debian, Linuxfoundation 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more 2024-11-21 7.5 HIGH 7.3 HIGH
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.