CVE-2015-7611 (james_server)

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

Source: CVE-2015-7611 (james_server)

CVE-2015-7611

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

Source: CVE-2015-7611

CVE-2015-5723 (annotations, cache, common, debian_linux, doctrinemongodbbundle, mongodb-odm, object_relational_mapper, zend-cache, zend_framework, zf-apigility-doctrine)

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Source: CVE-2015-5723 (annotations, cache, common, debian_linux, doctrinemongodbbundle, mongodb-odm, object_relational_mapper, zend-cache, zend_framework, zf-apigility-doctrine)

CVE-2015-5723

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM to before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Source: CVE-2015-5723

CVE-2015-5261 (debian_linux, enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_eus, enterprise_linux_workstation, spice, ubuntu_linux)

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Source: CVE-2015-5261 (debian_linux, enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_eus, enterprise_linux_workstation, spice, ubuntu_linux)

CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Source: CVE-2015-5261

CVE-2015-5260 (debian_linux, enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_eus, enterprise_linux_workstation, spice, ubuntu_linux)

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

Source: CVE-2015-5260 (debian_linux, enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_hpc_node_eus, enterprise_linux_server, enterprise_linux_server_eus, enterprise_linux_workstation, spice, ubuntu_linux)

CVE-2015-5231 (criu, opensuse)

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.

Source: CVE-2015-5231 (criu, opensuse)

CVE-2015-5231

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.

Source: CVE-2015-5231

CVE-2015-5228 (criu, opensuse)

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

Source: CVE-2015-5228 (criu, opensuse)