CVE-2015-2045
- EPSS 0.47%
- Veröffentlicht 12.03.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
- EPSS 1.69%
- Veröffentlicht 10.03.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re...
- EPSS 2.11%
- Veröffentlicht 10.03.2015 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
- EPSS 3.26%
- Veröffentlicht 09.03.2015 17:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, ...
CVE-2015-1464
- EPSS 1.99%
- Veröffentlicht 09.03.2015 14:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
- EPSS 2.12%
- Veröffentlicht 09.03.2015 14:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
CVE-2014-9472
- EPSS 2.83%
- Veröffentlicht 09.03.2015 14:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
- EPSS 4.8%
- Veröffentlicht 28.02.2015 02:59:35
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maxi...
- EPSS 3.36%
- Veröffentlicht 19.02.2015 15:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading ...
CVE-2015-0247
- EPSS 0.9%
- Veröffentlicht 17.02.2015 15:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.