CVE-2015-3339
- EPSS 0.32%
- Veröffentlicht 27.05.2015 10:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but t...
CVE-2015-3332
- EPSS 0.38%
- Veröffentlicht 27.05.2015 10:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiti...
CVE-2015-3331
- EPSS 10.11%
- Veröffentlicht 27.05.2015 10:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of serv...
CVE-2015-2830
- EPSS 0.41%
- Veröffentlicht 27.05.2015 10:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the...
CVE-2015-2922
- EPSS 3.05%
- Veröffentlicht 27.05.2015 10:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value ...
CVE-2015-4000
- EPSS 99.86%
- Veröffentlicht 21.05.2015 00:59:00
- Zuletzt bearbeitet 27.05.2026 17:16:21
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie...
CVE-2015-1265
- EPSS 7.86%
- Veröffentlicht 20.05.2015 10:59:17
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1264
- EPSS 1.18%
- Veröffentlicht 20.05.2015 10:59:16
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.
CVE-2015-1263
- EPSS 0.99%
- Veröffentlicht 20.05.2015 10:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecifie...
CVE-2015-1262
- EPSS 1.58%
- Veröffentlicht 20.05.2015 10:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via craf...