CVE-2015-8364
- EPSS 2.07%
- Veröffentlicht 26.11.2015 17:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspe...
- EPSS 6.36%
- Veröffentlicht 24.11.2015 20:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which trigge...
CVE-2015-7869
- EPSS 0.4%
- Veröffentlicht 24.11.2015 20:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 ...
- EPSS 2.84%
- Veröffentlicht 19.11.2015 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
CVE-2015-8035
- EPSS 3.2%
- Veröffentlicht 18.11.2015 16:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
- EPSS 2.58%
- Veröffentlicht 18.11.2015 16:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success messag...
CVE-2015-7942
- EPSS 4.74%
- Veröffentlicht 18.11.2015 16:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via...
CVE-2015-7941
- EPSS 3.07%
- Veröffentlicht 18.11.2015 16:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSect...
CVE-2015-8222
- EPSS 0.38%
- Veröffentlicht 17.11.2015 15:59:24
- Zuletzt bearbeitet 06.05.2026 22:30:45
The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors.
- EPSS 5.06%
- Veröffentlicht 17.11.2015 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.