CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2694 | medium | — | 5.8 | 11y ago | The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an int… | |||
| CVE-2015-3644 | medium | — | 5.8 | 11y ago | Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentica… | |||
| CVE-2015-1863 | medium | — | 5.8 | 11y ago | Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information… | |||
| CVE-2015-0706 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2015-3393 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified pa… | |||
| CVE-2015-3388 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete th… | |||
| CVE-2015-3383 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2015-3382 | medium | — | 5.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2)… | |||
| CVE-2015-3380 | medium | — | 5.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (… | |||
| CVE-2015-3375 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of ad… | |||
| CVE-2015-3374 | medium | — | 5.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) di… | |||
| CVE-2015-3371 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination param… | |||
| CVE-2015-3366 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an al… | |||
| CVE-2015-3358 | medium | — | 5.8 | 11y ago | Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a desti… | |||
| CVE-2015-3354 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for… | |||
| CVE-2015-3342 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a UR… | |||
| CVE-2015-0480 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. | |||
| CVE-2015-0906 | medium | — | 5.8 | 11y ago | Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | |||
| CVE-2015-0697 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to re… | |||
| CVE-2015-1638 | medium | — | 5.8 | 11y ago | Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by l… | |||
| CVE-2015-0557 | medium | — | 5.8 | 11y ago | Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multipl… | |||
| CVE-2015-0556 | medium | — | 5.8 | 11y ago | Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | |||
| CVE-2015-2167 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phish… | |||
| CVE-2015-1596 | medium | — | 5.8 | 11y ago | The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive in… | |||
| CVE-2015-2215 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct ph… | |||
| CVE-2015-0878 | medium | — | 5.8 | 11y ago | Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. | |||
| CVE-2015-1042 | medium | — | 5.8 | 12y ago | The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing at… | |||
| CVE-2015-0512 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | |||
| CVE-2015-1038 | medium | — | 5.8 | 12y ago | p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||
| CVE-2015-0406 | medium | — | 5.8 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. | |||
| CVE-2015-1051 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing atta… | |||
| CVE-2015-6286 | medium | — | 5.7 | 11y ago | Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID … | |||
| CVE-2015-4205 | medium | — | 5.7 | 11y ago | Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local … | |||
| CVE-2015-0501 | medium | — | 5.7 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. | |||
| CVE-2015-0632 | medium | — | 5.7 | 11y ago | Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the l… | |||
| CVE-2015-0060 | medium | — | 5.7 | 12y ago | The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Se… | |||
| CVE-2015-0578 | medium | — | 5.7 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network… | |||
| CVE-2015-7515 | medium | 4.6 | 5.6 | 10y ago | The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash… | |||
| CVE-2015-7566 | medium | 4.6 | 5.6 | 11y ago | The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cras… | |||
| CVE-2015-1985 | medium | 5.6 | 5.6 | 11y ago | The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file. | |||
| CVE-2015-7020 | medium | — | 5.6 | 11y ago | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read… | |||
| CVE-2015-7019 | medium | — | 5.6 | 11y ago | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read… | |||
| CVE-2015-1674 | medium | — | 5.6 | 11y ago | The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the … | |||
| CVE-2015-2572 | medium | — | 5.6 | 11y ago | Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, in… | |||
| CVE-2015-0095 | medium | — | 5.6 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-8366 | medium | — | 5.5 | — | Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. | |||
| CVE-2015-8367 | medium | — | 5.5 | — | The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | |||
| CVE-2015-8011 | medium | — | 5.5 | — | Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code vi… | |||
| CVE-2015-9253 | medium | — | 5.5 | — | denial of service in php-fpm | |||
| CVE-2015-9252 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. | |||
| CVE-2015-20107 | medium | — | 5.5 | 4y ago | RHSA-2022:7593: python27:2.7 security update (Moderate) | |||
| CVE-2015-9541 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2015-9251 | medium | — | 5.5 | 9y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2015-1206 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file. | |||
| CVE-2015-1526 | medium | 5.5 | 5.5 | 9y ago | The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | |||
| CVE-2015-7837 | medium | 5.5 | 5.5 | 9y ago | The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot re… | |||
| CVE-2015-3211 | medium | 5.5 | 5.5 | 9y ago | php-fpm allows local users to write to or create arbitrary files via a symlink attack. | |||
| CVE-2015-3156 | medium | 5.5 | 5.5 | 9y ago | Openstack DBaaS (Trove) Improper Link Resolution Before File Access | |||
| CVE-2015-8621 | medium | 5.5 | 5.5 | 9y ago | t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. | |||
| CVE-2015-3839 | medium | 5.5 | 5.5 | 9y ago | The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). | |||
| CVE-2015-5203 | medium | 5.5 | 5.5 | 9y ago | Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | |||
| CVE-2015-5221 | medium | 5.5 | 5.5 | 9y ago | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) vi… | |||
| CVE-2015-3243 | medium | 5.5 | 5.5 | 9y ago | rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | |||
| CVE-2015-3171 | medium | 5.5 | 5.5 | 9y ago | sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. | |||
| CVE-2015-3149 | medium | 5.5 | 5.5 | 9y ago | The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | |||
| CVE-2015-3170 | medium | 5.5 | 5.5 | 9y ago | selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .con… | |||
| CVE-2015-1323 | medium | 5.5 | 5.5 | 9y ago | The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ub… | |||
| CVE-2015-8697 | medium | 5.5 | 5.5 | 9y ago | stalin 0.11-5 allows local users to write to arbitrary files. | |||
| CVE-2015-3840 | medium | 5.5 | 5.5 | 9y ago | The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS"… | |||
| CVE-2015-1870 | medium | 5.5 | 5.5 | 9y ago | The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information fr… | |||
| CVE-2015-9101 | medium | 5.5 | 5.5 | 9y ago | The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-ba… | |||
| CVE-2015-9100 | medium | 5.5 | 5.5 | 9y ago | The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio fi… | |||
| CVE-2015-9099 | medium | 5.5 | 5.5 | 9y ago | The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negati… | |||
| CVE-2015-9024 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. | |||
| CVE-2015-9021 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | |||
| CVE-2015-8326 | medium | 5.5 | 5.5 | 9y ago | The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. | |||
| CVE-2015-9001 | medium | 5.5 | 5.5 | 9y ago | In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-8223 | medium | 5.5 | 5.5 | 9y ago | Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and vi… | |||
| CVE-2015-7740 | medium | 5.5 | 5.5 | 9y ago | Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application th… | |||
| CVE-2015-8276 | medium | 5.5 | 5.5 | 9y ago | LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. | |||
| CVE-2015-8275 | medium | 5.5 | 5.5 | 9y ago | LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. | |||
| CVE-2015-7847 | medium | 5.5 | 5.5 | 9y ago | Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious … | |||
| CVE-2015-8234 | medium | 5.5 | 5.5 | 9y ago | The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. | |||
| CVE-2015-8678 | medium | 5.5 | 5.5 | 9y ago | The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 … | |||
| CVE-2015-7313 | medium | 5.5 | 5.5 | 9y ago | LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. | |||
| CVE-2015-4645 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which tr… | |||
| CVE-2015-8898 | medium | 5.5 | 5.5 | 9y ago | The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. | |||
| CVE-2015-8897 | medium | 5.5 | 5.5 | 9y ago | The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. | |||
| CVE-2015-8894 | medium | 5.5 | 5.5 | 9y ago | Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. | |||
| CVE-2015-8986 | medium | 5.5 | 5.5 | 9y ago | Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, t… | |||
| CVE-2015-8900 | medium | 5.5 | 5.5 | 9y ago | The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. | |||
| CVE-2015-1976 | medium | 5.5 | 5.5 | 9y ago | IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | |||
| CVE-2015-5013 | medium | 5.5 | 5.5 | 9y ago | The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. | |||
| CVE-2015-5677 | medium | 5.5 | 5.5 | 9y ago | bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. | |||
| CVE-2015-8818 | medium | 5.5 | 5.5 | 10y ago | The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service … | |||
| CVE-2015-8817 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write cal… | |||
| CVE-2015-8745 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS… | |||
| CVE-2015-8744 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged … | |||
| CVE-2015-8970 | medium | 5.5 | 5.5 | 10y ago | crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local u… | |||
| CVE-2015-8964 | medium | 5.5 | 5.5 | 10y ago | The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. |