Branch sisyphus update bulletin.

Package qt5-webkit updated to version 5.4.0-alt1 for branch sisyphus in task 136769.

Published: 2017-09-07
Modified: 2024-11-21

CVE-2015-8079

qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Package qt5-wayland updated to version 5.4.0-alt1 for branch sisyphus in task 136769.

Published: 2015-05-12
Modified: 2024-11-21

CVE-2015-1858

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.

Severity: MEDIUM (6.8)

References:

Published: 2015-05-12
Modified: 2024-11-21

CVE-2015-1859

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.

Severity: MEDIUM (6.8)

References:

Published: 2015-05-12
Modified: 2024-11-21

CVE-2015-1860

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

Severity: MEDIUM (6.8)

References:

Published: 2015-10-26
Modified: 2024-11-21

CVE-2015-7298

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.

Severity: MEDIUM (5.1)

References:

Package unbound updated to version 1.5.1-alt1 for branch sisyphus in task 136971.

Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-8602

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

Severity: MEDIUM (4.3)

References:

Package libvirt updated to version 1.2.11-alt1 for branch sisyphus in task 137019.

Published: 2015-01-05

BDU:2015-06009

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-06010

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-06011

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-06012

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-06013

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-07119

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность и доступность защищаемой информации

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07120

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07121

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07122

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07123

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07124

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07125

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07126

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07127

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07128

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07129

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07130

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07131

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07132

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07133

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07134

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07135

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07136

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07137

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07138

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-07139

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09147

Уязвимости операционной системы CentOS, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-09148

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-09149

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-09150

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-09151

Severity: MEDIUM (6.8)

References:

Published: 2015-01-05

BDU:2015-09254

Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность и доступность защищаемой информации

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09255

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09256

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09257

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09258

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09259

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09260

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09261

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09262

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09263

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09264

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09265

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09266

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09267

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09268

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09269

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09270

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09271

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09272

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09273

Severity: MEDIUM (5.8)

References:

Published: 2015-01-05

BDU:2015-09274

Severity: MEDIUM (5.8)

References:

Published: 2014-11-14
Modified: 2024-11-21

CVE-2014-7823

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.

Severity: MEDIUM (5.0)

References:

Published: 2015-01-06
Modified: 2024-11-21

CVE-2014-8131

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

Severity: MEDIUM (4.0)

References:

Published: 2014-12-19
Modified: 2024-11-21

CVE-2014-8135

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

Severity: LOW (2.1)

References:

Published: 2014-12-19
Modified: 2024-11-21

CVE-2014-8136

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

Severity: LOW (2.1)

References:

Version: 2.1.0

ALT-BU-2014-3170-1

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities