apache — cordova_file_transfer |
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. |
2015-12-17 |
4.3 |
CVE-2015-5204 CONFIRM BID |
autodesk — design_review |
Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. |
2015-12-15 |
6.8 |
CVE-2015-8571 CONFIRM MISC |
autodesk — design_review |
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. |
2015-12-15 |
6.8 |
CVE-2015-8572 CONFIRM MISC MISC MISC MISC MISC |
avg — internet_security |
AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. |
2015-12-16 |
6.4 |
CVE-2015-8578 MISC MISC MISC |
bitrix — xscan |
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php. |
2015-12-16 |
6.5 |
CVE-2015-8357 MISC CONFIRM BUGTRAQ MISC |
cacti — cacti |
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. |
2015-12-15 |
6.5 |
CVE-2015-8377 FULLDISC |
chat_room_project — chat_room |
The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. |
2015-12-17 |
5.0 |
CVE-2015-8601 MISC CONFIRM |
cisco — unified_communications_manager |
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. |
2015-12-15 |
4.3 |
CVE-2015-4206 CISCO |
cisco — ios |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. |
2015-12-15 |
6.1 |
CVE-2015-6359 CISCO |
cisco — dpc3939_wireless_residential_voice_gateway_firmware |
The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170. |
2015-12-12 |
6.5 |
CVE-2015-6361 CISCO |
cisco — dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter |
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. |
2015-12-13 |
6.8 |
CVE-2015-6378 CISCO |
cisco — prime_service_catalog |
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. |
2015-12-12 |
6.5 |
CVE-2015-6395 CISCO |
cisco — integrated_management_controller_supervisor |
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. |
2015-12-15 |
6.8 |
CVE-2015-6399 CISCO |
cisco — emergency_responder |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. |
2015-12-12 |
4.3 |
CVE-2015-6400 CISCO |
cisco — epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adapter |
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935. |
2015-12-13 |
4.3 |
CVE-2015-6402 CISCO |
cisco — hosted_collaboration_solution |
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. |
2015-12-15 |
4.0 |
CVE-2015-6404 CISCO |
cisco — emergency_responder |
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. |
2015-12-12 |
6.8 |
CVE-2015-6405 CISCO |
cisco — emergency_responder |
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. |
2015-12-12 |
4.0 |
CVE-2015-6406 CISCO |
cisco — emergency_responder |
Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. |
2015-12-12 |
4.0 |
CVE-2015-6407 CISCO |
cisco — unity_connection |
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. |
2015-12-12 |
6.8 |
CVE-2015-6408 CISCO |
cisco — telepresence_video_communication_server_software |
The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283. |
2015-12-13 |
4.0 |
CVE-2015-6410 CISCO |
cisco — firepower_management_center |
Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. |
2015-12-15 |
5.0 |
CVE-2015-6411 CISCO |
cisco — telepresence_video_communication_server_software |
Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. |
2015-12-12 |
4.0 |
CVE-2015-6413 CISCO |
cisco — unified_web_and_e-mail_interaction_manager |
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. |
2015-12-13 |
4.3 |
CVE-2015-6416 CISCO |
cisco — videoscape_distribution_suite_service_manager |
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. |
2015-12-12 |
6.5 |
CVE-2015-6417 CISCO |
cisco — rv016_multi-wan_vpn_firmware |
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. |
2015-12-12 |
4.3 |
CVE-2015-6418 CISCO |
cisco — firesight_system_software |
Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. |
2015-12-12 |
6.8 |
CVE-2015-6419 CISCO |
cisco — unified_communications_domain_manager |
The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. |
2015-12-13 |
4.0 |
CVE-2015-6422 CISCO |
cisco — unified_communications_manager |
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. |
2015-12-16 |
5.0 |
CVE-2015-6425 CISCO |
cisco — firesight_system_software |
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. |
2015-12-18 |
5.0 |
CVE-2015-6427 CISCO |
cisco — dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter |
Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. |
2015-12-18 |
5.0 |
CVE-2015-6428 CISCO |
foxitsoftware — phantompdf |
Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. |
2015-12-16 |
6.8 |
CVE-2015-8580 CONFIRM MISC MISC |
gnu — grub2 |
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an “Off-by-two” or “Out of bounds overwrite” memory error. |
2015-12-16 |
6.9 |
CVE-2015-8370 BUGTRAQ MLIST FEDORA MISC |
google — chrome |
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. |
2015-12-14 |
4.3 |
CVE-2015-6790 CONFIRM CONFIRM CONFIRM |
ibm — websphere_application_server |
The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. |
2015-12-15 |
4.0 |
CVE-2015-5004 CONFIRM AIXAPAR |
isc — bind |
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. |
2015-12-16 |
5.0 |
CVE-2015-8000 CONFIRM |
joomla — joomla! |
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
2015-12-16 |
6.8 |
CVE-2015-8563 CONFIRM BID |
kaspersky — total_security_2015 |
Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. |
2015-12-16 |
6.4 |
CVE-2015-8579 MISC MISC |
mozilla — firefox |
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. |
2015-12-16 |
6.8 |
CVE-2015-7204 CONFIRM CONFIRM |
mozilla — firefox |
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. |
2015-12-16 |
5.0 |
CVE-2015-7207 MISC CONFIRM CONFIRM |
mozilla — firefox |
Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. |
2015-12-16 |
5.0 |
CVE-2015-7208 CONFIRM CONFIRM |
mozilla — firefox |
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. |
2015-12-16 |
5.0 |
CVE-2015-7211 CONFIRM CONFIRM |
mozilla — firefox |
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. |
2015-12-16 |
6.8 |
CVE-2015-7213 CONFIRM CONFIRM |
mozilla — firefox |
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. |
2015-12-16 |
5.0 |
CVE-2015-7214 CONFIRM CONFIRM |
mozilla — firefox |
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. |
2015-12-16 |
5.0 |
CVE-2015-7215 MISC MISC MISC CONFIRM CONFIRM |
mozilla — firefox |
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. |
2015-12-16 |
6.8 |
CVE-2015-7216 CONFIRM CONFIRM |
mozilla — firefox |
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. |
2015-12-16 |
4.3 |
CVE-2015-7217 CONFIRM CONFIRM |
mozilla — firefox |
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. |
2015-12-16 |
5.0 |
CVE-2015-7218 CONFIRM CONFIRM |
mozilla — firefox |
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. |
2015-12-16 |
5.0 |
CVE-2015-7219 CONFIRM CONFIRM |
mozilla — firefox |
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. |
2015-12-16 |
6.8 |
CVE-2015-7222 CONFIRM CONFIRM |
mozilla — firefox |
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. |
2015-12-16 |
4.0 |
CVE-2015-7223 CONFIRM CONFIRM |
ntop — ntopng |
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. |
2015-12-17 |
6.0 |
CVE-2015-8368 EXPLOIT-DB FULLDISC MISC |
php — php |
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. |
2015-12-11 |
6.8 |
CVE-2015-7803 CONFIRM CONFIRM CONFIRM MLIST APPLE CONFIRM |
php — php |
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. |
2015-12-11 |
6.8 |
CVE-2015-7804 CONFIRM CONFIRM CONFIRM MLIST APPLE CONFIRM |
phpmailer_project — phpmailer |
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. |
2015-12-16 |
5.0 |
CVE-2015-8476 CONFIRM CONFIRM BID MLIST MLIST DEBIAN |
schneider-electric — proclima |
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. |
2015-12-15 |
6.8 |
CVE-2015-7918 MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM |
schneider-electric — proclima |
The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. |
2015-12-15 |
6.8 |
CVE-2015-8561 MISC MISC MISC MISC MISC CONFIRM |
synnefoims — internet_management_software |
Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter to packagehistory/listusagesdata. |
2015-12-15 |
4.3 |
CVE-2015-8247 BUGTRAQ FULLDISC |
theforeman — foreman |
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. |
2015-12-17 |
4.3 |
CVE-2015-7518 MLIST CONFIRM CONFIRM |
xen — xen |
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. |
2015-12-17 |
4.7 |
CVE-2015-8339 CONFIRM CONFIRM |
xen — xen |
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. |
2015-12-17 |
4.7 |
CVE-2015-8340 CONFIRM CONFIRM |
xmlsoft — libxml2 |
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. |
2015-12-15 |
5.0 |
CVE-2015-7497 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
xmlsoft — libxml2 |
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. |
2015-12-15 |
5.0 |
CVE-2015-7498 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
xmlsoft — libxml2 |
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. |
2015-12-15 |
5.0 |
CVE-2015-7499 CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
xmlsoft — libxml2 |
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. |
2015-12-15 |
5.0 |
CVE-2015-7500 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT |
xmlsoft — libxml2 |
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
2015-12-15 |
6.4 |
CVE-2015-8241 CONFIRM CONFIRM CONFIRM UBUNTU MLIST MLIST REDHAT REDHAT |
xmlsoft — libxml2 |
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. |
2015-12-15 |
5.8 |
CVE-2015-8242 CONFIRM CONFIRM CONFIRM CONFIRM UBUNTU MLIST MLIST REDHAT REDHAT |
xmlsoft — libxml2 |
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. |
2015-12-15 |
5.0 |
CVE-2015-8317 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC UBUNTU MLIST MLIST REDHAT |