Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-12 | CVE-2015-5166 | Permissions, Privileges, and Access Controls vulnerability in multiple products Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. | 7.2 |
2015-08-12 | CVE-2015-3908 | Insufficient Verification of Data Authenticity vulnerability in Redhat Ansible Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 4.3 |
2015-08-12 | CVE-2015-3286 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openafs Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG. | 4.6 |
2015-08-12 | CVE-2015-3285 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openafs The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command. | 2.1 |
2015-08-12 | CVE-2015-3284 | Information Exposure vulnerability in Openafs pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. | 2.1 |
2015-08-12 | CVE-2015-3283 | Permissions, Privileges, and Access Controls vulnerability in Openafs OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | 6.8 |
2015-08-12 | CVE-2015-3282 | Information Exposure vulnerability in Openafs vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. | 4.3 |
2015-08-12 | CVE-2015-3187 | Information Exposure vulnerability in multiple products The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. | 4.0 |
2015-08-12 | CVE-2015-3184 | Information Exposure vulnerability in multiple products mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. | 5.0 |
2015-08-12 | CVE-2015-2059 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. | 7.5 |