High

DATE	CVE	VULNERABILITY TITLE	RISK
2015-09-08	CVE-2015-5199	Path Traversal vulnerability in multiple products Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable. local low complexity canonical libvdpau-project CWE-22	7.2
2015-09-08	CVE-2015-5198	Permissions, Privileges, and Access Controls vulnerability in multiple products libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable. local low complexity libvdpau-project canonical CWE-264	7.2
2015-09-02	CVE-2015-3308	Denial of Service vulnerability in GnuTLS 'x509_ext.c' Use After Free Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. network low complexity gnu canonical	7.5
2015-08-08	CVE-2015-4495	The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. network low complexity mozilla oracle canonical redhat suse opensuse	8.8
2015-07-14	CVE-2015-5143	Resource Management Errors vulnerability in multiple products The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. network low complexity djangoproject debian oracle canonical CWE-399	7.8
2015-07-14	CVE-2015-3279	Numeric Errors vulnerability in multiple products Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. network low complexity linuxfoundation canonical debian CWE-189	7.5
2015-06-08	CVE-2015-3905	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. network low complexity canonical t1utils-project CWE-119	7.5
2015-05-29	CVE-2015-4047	NULL Pointer Dereference vulnerability in multiple products racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. network low complexity ipsec-tools canonical fedoraproject f5 debian CWE-476	7.8
2015-05-29	CVE-2015-0847	Code vulnerability in multiple products nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. network low complexity canonical wouter-verhelst CWE-17	7.8
2015-05-19	CVE-2015-3409	Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. local low complexity module-signature-project canonical	7.2