CVE-2015-5166
- EPSS 0.43%
- Veröffentlicht 12.08.2015 14:59:25
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
CVE-2015-5165
- EPSS 13.29%
- Veröffentlicht 12.08.2015 14:59:24
- Zuletzt bearbeitet 06.05.2026 22:30:45
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-5154
- EPSS 0.63%
- Veröffentlicht 12.08.2015 14:59:23
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
CVE-2015-2059
- EPSS 3.19%
- Veröffentlicht 12.08.2015 14:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bou...
- EPSS 4.4%
- Veröffentlicht 26.07.2015 22:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a di...
CVE-2015-4588
- EPSS 9.22%
- Veröffentlicht 01.07.2015 14:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
CVE-2015-0848
- EPSS 8.54%
- Veröffentlicht 01.07.2015 14:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.
CVE-2015-4454
- EPSS 2.25%
- Veröffentlicht 17.06.2015 18:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.
CVE-2015-4342
- EPSS 3.23%
- Veröffentlicht 17.06.2015 18:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
CVE-2015-2665
- EPSS 2.16%
- Veröffentlicht 17.06.2015 18:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.