- EPSS 4.01%
- Veröffentlicht 12.05.2015 19:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
CVE-2015-1860
- EPSS 8.74%
- Veröffentlicht 12.05.2015 19:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
CVE-2015-1859
- EPSS 7.19%
- Veröffentlicht 12.05.2015 19:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code ...
CVE-2015-1858
- EPSS 7.22%
- Veröffentlicht 12.05.2015 19:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted B...
CVE-2015-3340
- EPSS 0.79%
- Veröffentlicht 28.04.2015 14:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
CVE-2015-1774
- EPSS 7.65%
- Veröffentlicht 28.04.2015 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-...
- EPSS 17.94%
- Veröffentlicht 24.04.2015 14:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
CVE-2015-3145
- EPSS 37.63%
- Veröffentlicht 24.04.2015 14:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via...
- EPSS 2.32%
- Veröffentlicht 14.04.2015 18:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
- EPSS 7.8%
- Veröffentlicht 10.04.2015 15:00:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.