CVE-2015-1803
- EPSS 4.86%
- Veröffentlicht 20.03.2015 14:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer der...
CVE-2015-2296
- EPSS 3.41%
- Veröffentlicht 18.03.2015 16:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
- EPSS 9.83%
- Veröffentlicht 16.03.2015 10:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by tri...
CVE-2014-8159
- EPSS 0.44%
- Veröffentlicht 16.03.2015 10:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary p...
CVE-2015-2304
- EPSS 4.89%
- Veröffentlicht 15.03.2015 19:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
CVE-2015-0254
- EPSS 13.26%
- Veröffentlicht 09.03.2015 14:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
CVE-2015-2238
- EPSS 0.64%
- Veröffentlicht 09.03.2015 00:59:28
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1231
- EPSS 1.3%
- Veröffentlicht 09.03.2015 00:59:23
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- EPSS 0.95%
- Veröffentlicht 09.03.2015 00:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection...
CVE-2015-1230
- EPSS 2.12%
- Veröffentlicht 09.03.2015 00:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly h...