Vulnerabilities (CVE)

Filtered by CWE-119
Total 13622 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5368 1 Hp 39 Elite X2 1010 G2, Elitebook 1040 G1, Elitebook 1040 G2 and 36 more 2026-06-17 7.8 HIGH N/A
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.
CVE-2015-5343 2 Apache, Debian 2 Subversion, Debian Linux 2026-06-17 8.0 HIGH 7.6 HIGH
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
CVE-2015-5315 2 Debian, W1.fi 2 Debian Linux, Wpa Supplicant 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
CVE-2015-5314 2 Debian, W1.fi 2 Debian Linux, Wpa Supplicant 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
CVE-2015-5295 4 Fedoraproject, Openstack, Oracle and 1 more 4 Fedora, Orchestration Api, Solaris and 1 more 2026-06-17 5.5 MEDIUM 5.4 MEDIUM
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
CVE-2015-5291 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2026-06-17 6.8 MEDIUM N/A
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
CVE-2015-5290 1 Ratbox 1 Ircd-ratbox 2026-06-17 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler.
CVE-2015-5289 3 Canonical, Debian, Postgresql 3 Ubuntu Linux, Debian Linux, Postgresql 2026-06-17 6.4 MEDIUM N/A
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
CVE-2015-5283 1 Linux 1 Linux Kernel 2026-06-17 4.7 MEDIUM N/A
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
CVE-2015-5279 1 Qemu 1 Qemu 2026-06-17 7.2 HIGH N/A
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-5277 3 Canonical, Gnu, Redhat 6 Ubuntu Linux, Glibc, Enterprise Linux Desktop and 3 more 2026-06-17 7.2 HIGH N/A
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
CVE-2015-5261 4 Canonical, Debian, Redhat and 1 more 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more 2026-06-17 3.6 LOW 7.1 HIGH
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
CVE-2015-5260 4 Canonical, Debian, Redhat and 1 more 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more 2026-06-17 7.2 HIGH 7.8 HIGH
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
CVE-2015-5259 1 Apache 1 Subversion 2026-06-17 9.0 HIGH 8.6 HIGH
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
CVE-2015-5225 3 Fedoraproject, Qemu, Redhat 3 Fedora, Qemu, Openstack 2026-06-17 7.2 HIGH N/A
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
CVE-2015-5220 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server 2026-06-17 5.0 MEDIUM N/A
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.
CVE-2015-5218 3 Kernel, Opensuse, Opensuse Project 3 Util-linux, Opensuse, Leap 2026-06-17 2.1 LOW N/A
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
CVE-2015-5214 4 Apache, Canonical, Debian and 1 more 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more 2026-06-17 6.8 MEDIUM N/A
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
CVE-2015-5156 1 Linux 1 Linux Kernel 2026-06-17 6.1 MEDIUM N/A
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.
CVE-2015-5154 4 Fedoraproject, Qemu, Suse and 1 more 8 Fedora, Qemu, Linux Enterprise Debuginfo and 5 more 2026-06-17 7.2 HIGH N/A
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.