The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2015-1341 | Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. | HIGH | May 7, 2019 |
| CVE-2015-1340 | LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker\'s choice. | MEDIUM | Apr 29, 2019 |
| CVE-2015-1339 | Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. | Medium | Apr 28, 2016 |
| CVE-2015-1338 | kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | High | Oct 2, 2015 |
| CVE-2015-1337 | Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response. | Medium | Oct 9, 2015 |
| CVE-2015-1336 | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | HIGH | Sep 28, 2017 |
| CVE-2015-1335 | lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | High | Oct 2, 2015 |
| CVE-2015-1334 | attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a poc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. | Medium | Aug 12, 2015 |
| CVE-2015-1333 | Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. | Medium | Aug 31, 2015 |
| CVE-2015-1332 | The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website. | MEDIUM | Jul 25, 2017 |
| CVE-2015-1331 | lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | Medium | Aug 12, 2015 |
| CVE-2015-1330 | unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors. | Medium | Jul 2, 2015 |
| CVE-2015-1329 | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | HIGH | Sep 20, 2017 |
| CVE-2015-1328 | The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. | High | Nov 29, 2016 |
| CVE-2015-1327 | Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn\'t actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app. | MEDIUM | Apr 30, 2019 |
| CVE-2015-1326 | python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file. | High | Apr 27, 2019 |
| CVE-2015-1325 | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. | MEDIUM | Aug 25, 2017 |
| CVE-2015-1324 | apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. | HIGH | Aug 25, 2017 |
| CVE-2015-1323 | The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. | MEDIUM | Jul 21, 2017 |
| CVE-2015-1322 | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or ready arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | Medium | Apr 30, 2015 |
| CVE-2015-1321 | Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | Medium | Apr 30, 2015 |
| CVE-2015-1320 | The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. | MEDIUM | Apr 29, 2019 |
| CVE-2015-1319 | The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive. | Low | Sep 21, 2015 |
| CVE-2015-1318 | The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). | High | Apr 20, 2015 |
| CVE-2015-1317 | Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | High | Apr 13, 2015 |
| CVE-2015-1316 | Juju Core\'s Joyent provider before version 1.25.5 uploads the user\'s private ssh key. | MEDIUM | Apr 29, 2019 |
| CVE-2015-1315 | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. | High | Feb 24, 2015 |
| CVE-2015-1314 | The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances. | Low | Apr 17, 2015 |
| CVE-2015-1313 | JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | -- | Jun 29, 2023 |
| CVE-2015-1312 | The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Jan 25, 2015 |
| CVE-2015-1311 | The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Jan 25, 2015 |
| CVE-2015-1310 | SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Jan 25, 2015 |
| CVE-2015-1309 | XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.<a href=http://cwe.mitre.org/data/definitions/611.html>CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a> | Medium | Jan 25, 2015 |
| CVE-2015-1308 | kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. | Medium | Jan 26, 2015 |
| CVE-2015-1307 | plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | Medium | Jan 26, 2015 |
| CVE-2015-1306 | The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. | Medium | Jan 23, 2015 |
| CVE-2015-1305 | McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. | Medium | Feb 19, 2015 |
| CVE-2015-1304 | object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call. | High | Oct 13, 2015 |
| CVE-2015-1303 | bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. | High | Oct 13, 2015 |
| CVE-2015-1302 | The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. | HIGH | Nov 11, 2015 |
| CVE-2015-1301 | Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | High | Sep 4, 2015 |
| CVE-2015-1300 | The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. | Medium | Sep 4, 2015 |
| CVE-2015-1299 | Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | High | Sep 4, 2015 |
| CVE-2015-1298 | The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. | Medium | Sep 4, 2015 |
| CVE-2015-1297 | The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. | High | Sep 4, 2015 |
| CVE-2015-1296 | The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages. | Medium | Sep 4, 2015 |
| CVE-2015-1295 | Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | High | Sep 4, 2015 |
| CVE-2015-1294 | Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | High | Sep 4, 2015 |
| CVE-2015-1293 | The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | Medium | Sep 4, 2015 |
| CVE-2015-1292 | The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. | Medium | Sep 4, 2015 |
