Live-Hack-CVE/CVE-2015-5295 The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/ze CVE project by @Sn0wAlice Create: 2023-02-13 10:27:29 +0000 UTC Push: 2023-02-13 10:27:31 +0000 UTC |

Live-Hack-CVE/CVE-2015-5313 Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in CVE project by @Sn0wAlice Create: 2023-02-13 10:27:26 +0000 UTC Push: 2023-02-13 10:27:27 +0000 UTC |

Live-Hack-CVE/CVE-2015-5292 Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos a CVE project by @Sn0wAlice Create: 2023-02-13 10:27:22 +0000 UTC Push: 2023-02-13 10:27:24 +0000 UTC |

Live-Hack-CVE/CVE-2015-5302 libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) an CVE project by @Sn0wAlice Create: 2023-02-13 10:27:19 +0000 UTC Push: 2023-02-13 10:27:21 +0000 UTC |

Live-Hack-CVE/CVE-2015-7502 Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. CVE project by @Sn0wAlice Create: 2023-02-13 10:27:16 +0000 UTC Push: 2023-02-13 10:27:17 +0000 UTC |

Live-Hack-CVE/CVE-2015-7500 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. CVE project by @Sn0wAlice Create: 2023-02-13 10:27:12 +0000 UTC Push: 2023-02-13 10:27:14 +0000 UTC |

Live-Hack-CVE/CVE-2015-7499 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-02-13 10:27:09 +0000 UTC Push: 2023-02-13 10:27:11 +0000 UTC |

Live-Hack-CVE/CVE-2015-7504 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. CVE project by @Sn0wAlice Create: 2023-02-13 10:27:05 +0000 UTC Push: 2023-02-13 10:27:07 +0000 UTC |

Live-Hack-CVE/CVE-2015-7512 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. CVE project by @Sn0wAlice Create: 2023-02-13 10:27:02 +0000 UTC Push: 2023-02-13 10:27:04 +0000 UTC |

Live-Hack-CVE/CVE-2015-7544 redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:59 +0000 UTC Push: 2023-02-13 10:27:01 +0000 UTC |

Live-Hack-CVE/CVE-2015-7549 The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:55 +0000 UTC Push: 2023-02-13 10:26:57 +0000 UTC |

Live-Hack-CVE/CVE-2015-7529 sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:52 +0000 UTC Push: 2023-02-13 10:26:54 +0000 UTC |

Live-Hack-CVE/CVE-2015-7509 fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:48 +0000 UTC Push: 2023-02-13 10:26:50 +0000 UTC |

Live-Hack-CVE/CVE-2015-8504 Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:45 +0000 UTC Push: 2023-02-13 10:26:47 +0000 UTC |

Live-Hack-CVE/CVE-2015-8744 QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:41 +0000 UTC Push: 2023-02-13 10:26:43 +0000 UTC |

Live-Hack-CVE/CVE-2015-8324 The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:37 +0000 UTC Push: 2023-02-13 10:26:40 +0000 UTC |

Live-Hack-CVE/CVE-2015-7553 Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:34 +0000 UTC Push: 2023-02-13 10:26:36 +0000 UTC |

Live-Hack-CVE/CVE-2015-7872 The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:30 +0000 UTC Push: 2023-02-13 10:26:33 +0000 UTC |

Live-Hack-CVE/CVE-2015-8660 The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:27 +0000 UTC Push: 2023-02-13 10:26:29 +0000 UTC |

Live-Hack-CVE/CVE-2015-7713 OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:23 +0000 UTC Push: 2023-02-13 10:26:25 +0000 UTC |