Vulnerabilities > Canonical > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-25 | CVE-2015-1851 | Information Exposure vulnerability in multiple products OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | 6.8 |
2015-06-03 | CVE-2015-4106 | Incorrect Authorization vulnerability in multiple products QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | 4.6 |
2015-05-28 | CVE-2015-3165 | Remote Denial Of Service vulnerability in PostgreSQL Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. | 4.3 |
2015-05-19 | CVE-2015-3407 | Improper Access Control vulnerability in multiple products Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. | 5.0 |
2015-05-12 | CVE-2015-3451 | XXE vulnerability in multiple products The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | 5.0 |
2015-05-12 | CVE-2015-2668 | Resource Management Errors vulnerability in multiple products ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | 5.0 |
2015-05-12 | CVE-2015-2222 | Resource Management Errors vulnerability in multiple products ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | 5.0 |
2015-05-12 | CVE-2015-2221 | Resource Management Errors vulnerability in multiple products ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | 5.0 |
2015-05-12 | CVE-2015-2170 | Resource Management Errors vulnerability in multiple products The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | 5.0 |
2015-05-01 | CVE-2015-3153 | Information Exposure vulnerability in multiple products The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | 5.0 |