CVE-2015-5296
- EPSS 7.26%
- Veröffentlicht 29.12.2015 22:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-s...
CVE-2015-5252
- EPSS 13.27%
- Veröffentlicht 29.12.2015 22:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points o...
CVE-2015-8327
- EPSS 10.17%
- Veröffentlicht 17.12.2015 19:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
CVE-2015-5277
- EPSS 0.59%
- Veröffentlicht 17.12.2015 19:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS...
- EPSS 5.91%
- Veröffentlicht 15.12.2015 21:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds ...
CVE-2015-8242
- EPSS 4.27%
- Veröffentlicht 15.12.2015 21:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati...
CVE-2015-8241
- EPSS 5.44%
- Veröffentlicht 15.12.2015 21:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML dat...
- EPSS 5.92%
- Veröffentlicht 15.12.2015 21:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
- EPSS 6.46%
- Veröffentlicht 15.12.2015 21:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
- EPSS 7.02%
- Veröffentlicht 15.12.2015 21:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.