Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying entries 1 - 10 of 65548 in total

DSA-3236-1 libreoffice -- security update Vulnerability

  • Severity: 4
  • Published: April 24, 2015

It was discovered that missing input sanitising in Libreoffice's filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened.

DSA-3233-1 wpa -- security update Vulnerability

  • Severity: 4
  • Published: April 23, 2015

The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentially execute arbitrary code.

USN-2571-1: Firefox vulnerability Vulnerability

  • Severity: 4
  • Published: April 23, 2015

Robert Kaiser discovered a use-after-free during plugin initialization insome circumstances. If a user were tricked in to opening a speciallycrafted website, an attacker could potentially exploit this to cause adenial of service via application crash or execute arbitrary code with theprivileges of the user invoking Firefox. (CVE-2015-270...

USN-2576-2: usb-creator vulnerability Vulnerability

  • Severity: 4
  • Published: April 22, 2015

USN-2576-1 fixed a vulnerability in usb-creator. This update provides thecorresponding fix for Ubuntu 15.04. Original advisory details: Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges. The problem can be corrected by updating your system to...

USN-2576-1: usb-creator vulnerability Vulnerability

  • Severity: 4
  • Published: April 22, 2015

Tavis Ormandy discovered that usb-creator was missing an authenticationcheck. A local attacker could use this issue to gain elevated privileges. The problem can be corrected by updating your system to the following package version: To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After...

USN-2577-1: wpa_supplicant vulnerability Vulnerability

  • Severity: 4
  • Published: April 22, 2015

It was discovered that wpa_supplicant incorrectly handled SSID informationwhen creating or updating P2P peer entries. A remote attacker could usethis issue to cause wpa_supplicant to crash, resulting in a denial ofservice, expose memory contents, or possibly execute arbitrary code. The problem can be corrected by updating your system to...

DSA-3232-1 curl -- security update Vulnerability

  • Severity: 4
  • Published: April 21, 2015

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

FreeBSD: wpa_supplicant -- P2P SSID processing vulnerability (CVE-2015-1863) Vulnerability

  • Severity: 4
  • Published: April 21, 2015

Jouni Malinen reports: A vulnerability was found in how wpa_supplicant uses SSID information parsed from management frames that create or update P2P peer entries (e.g., Probe Response frame or number of P2P Public Action frames). SSID field has valid length range of 0-32 octets. However, it is transmitted ...

FreeBSD: wordpress -- multiple vulnabilities Vulnerability

  • Severity: 4
  • Published: April 20, 2015

Gary Pendergast reports: WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable ano...