CVE-2015-6820
- EPSS 2.41%
- Veröffentlicht 06.09.2015 02:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (...
CVE-2015-6818
- EPSS 2.41%
- Veröffentlicht 06.09.2015 02:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or p...
CVE-2015-3308
- EPSS 3.92%
- Veröffentlicht 02.09.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
- EPSS 2.32%
- Veröffentlicht 01.09.2015 14:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
CVE-2015-5706
- EPSS 0.44%
- Veröffentlicht 31.08.2015 10:59:16
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that lev...
CVE-2015-5364
- EPSS 6.27%
- Veröffentlicht 31.08.2015 10:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet f...
- EPSS 4.93%
- Veröffentlicht 24.08.2015 14:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote...
- EPSS 5.16%
- Veröffentlicht 24.08.2015 14:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record remova...
- EPSS 2.75%
- Veröffentlicht 16.08.2015 23:59:25
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allow...
CVE-2015-3749
- EPSS 2.67%
- Veröffentlicht 16.08.2015 23:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site...