CVE-2015-2782
- EPSS 5.89%
- Veröffentlicht 08.04.2015 18:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.
CVE-2015-0557
- EPSS 3.37%
- Veröffentlicht 08.04.2015 18:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
CVE-2015-0556
- EPSS 3.84%
- Veröffentlicht 08.04.2015 18:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
CVE-2015-2756
- EPSS 0.45%
- Veröffentlicht 01.04.2015 14:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O ...
CVE-2015-2752
- EPSS 0.45%
- Veröffentlicht 01.04.2015 14:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the devi...
CVE-2015-2751
- EPSS 2.28%
- Veröffentlicht 01.04.2015 14:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
- EPSS 2.64%
- Veröffentlicht 30.03.2015 14:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user th...
- EPSS 16.34%
- Veröffentlicht 30.03.2015 14:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
- EPSS 2.78%
- Veröffentlicht 30.03.2015 14:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
CVE-2015-2331
- EPSS 27.69%
- Veröffentlicht 30.03.2015 10:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial ...