Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2015-11-26 | CVE-2015-8364 | Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data. | Ubuntu_linux, Ffmpeg | N/A | ||
2015-11-26 | CVE-2015-8365 | The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. | Ubuntu_linux, Ffmpeg | N/A | ||
2015-12-06 | CVE-2015-3194 | crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. | Ubuntu_linux, Debian_linux, Node\.js, Openssl | 7.5 | ||
2015-12-06 | CVE-2015-3195 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Openssl, Leap, Opensuse, Api_gateway, Communications_webrtc_session_controller, Exalogic_infrastructure, Http_server, Integrated_lights_out_manager_firmware, Life_sciences_data_hub, Linux, Solaris, Sun_ray_software, Transportation_management, Vm_server, Vm_virtualbox, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_server | 5.3 | ||
2015-12-06 | CVE-2015-3196 | ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | Ubuntu_linux, Debian_linux, Fedora, Icewall_sso, Icewall_sso_agent_option, Openssl, Vm_virtualbox, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
2015-12-29 | CVE-2015-5252 | vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. | Ubuntu_linux, Debian_linux, Samba | 7.2 | ||
2015-12-29 | CVE-2015-5296 | Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. | Ubuntu_linux, Debian_linux, Samba | 5.4 | ||
2015-12-29 | CVE-2015-5299 | The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. | Ubuntu_linux, Debian_linux, Samba | 5.3 | ||
2015-12-29 | CVE-2015-7540 | The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. | Ubuntu_linux, Debian_linux, Samba | 7.5 | ||
2015-12-29 | CVE-2015-8467 | The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. | Ubuntu_linux, Debian_linux, Samba | 7.5 |