- EPSS 7.21%
- Veröffentlicht 15.12.2015 21:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
CVE-2015-5312
- EPSS 4.54%
- Veröffentlicht 15.12.2015 21:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab...
CVE-2015-1344
- EPSS 0.38%
- Veröffentlicht 07.12.2015 20:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.
CVE-2015-1342
- EPSS 0.47%
- Veröffentlicht 07.12.2015 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
CVE-2015-3196
- EPSS 12.81%
- Veröffentlicht 06.12.2015 20:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (...
CVE-2015-3195
- EPSS 38.71%
- Veröffentlicht 06.12.2015 20:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to ob...
CVE-2015-3194
- EPSS 44.02%
- Veröffentlicht 06.12.2015 20:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function p...
CVE-2015-3193
- EPSS 25.14%
- Veröffentlicht 06.12.2015 20:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for r...
CVE-2015-0860
- EPSS 5.04%
- Veröffentlicht 03.12.2015 20:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "...
CVE-2015-8365
- EPSS 2.08%
- Veröffentlicht 26.11.2015 17:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial o...