CVE-2015-1283
PUBLISHED
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
EPSS 0.52% · 67.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Salesforce | flow | |
| Ubuntu:25.10 | xmlrpc-c | 1.59.03-7, 1.59.03-10, 1.59.03-9 |
| Ubuntu:16.04:LTS | cableswig | 0.1.0+git20150808-1, 0, * |
| Ubuntu:18.04:LTS | xmlrpc-c | 1.33.14-8build1, 1.33.14-8, 0 |
| Ubuntu:25.10 | matanza | 0, * |
| Ubuntu:20.04:LTS | matanza | *, 0.13+ds2-1, 0 |
| Ubuntu:Pro:22.04:LTS | libxmltok | 0, 1.2-4, 1.2-4ubuntu0.22.04.1~esm1 |
| Ubuntu:Pro:20.04:LTS | libxmltok | *, 1.2-4ubuntu0.20.04.1~esm1, 1.2-4 |
| Ubuntu:14.04:LTS | chromium-browser | 29.0.1547.65-0ubuntu2, 38.0.2125.111-0ubuntu0.14.04.1.1061, 40.0.2214.111-0ubuntu0.14.04.1.1069 |
| Ubuntu:25.10 | cadaver | 0.26+dfsg-2, 0 |
| Ubuntu:22.04:LTS | xmlrpc-c | 1.33.14-10, 1.33.14-9, 0 |
| Ubuntu:20.04:LTS | coin3 | 4.0.0~CMake~6f54f1602475+ds1-3, 0, 4.0.0+ds-1build1 |
| Ubuntu:20.04:LTS | xmlrpc-c | 0, 1.33.14-8build1, 1.33.14-8build2 |
| Ubuntu:20.04:LTS | cadaver | 0, 0.23.3-2.1build1 |
| Ubuntu:16.04:LTS | swish-e | 2.4.7-4build1, 0, 2.4.7-4 |
| Ubuntu:18.04:LTS | vnc4 | 0, * |
| Ubuntu:16.04:LTS | matanza | 0, 0.13+ds1-5 |
| Ubuntu:24.04:LTS | xmlrpc-c | 0, 1.33.14-11, 1.33.14-12build1 |
| Ubuntu:Pro:14.04:LTS | vnc4 | 4.1.1+xorg4.3.0-37ubuntu5.0.2, 4.1.1+xorg4.3.0-37ubuntu5, 0 |
| Ubuntu:22.04:LTS | matanza | 0.13+ds2-1, 0 |
…and 28 more
Exploit Intelligence
- Supervisord remote command execution vulnerability script (github-poc)
- Standalone Python ≥3.6 RCE Unauthenticated exploit for Supervisor 3.0a1 to 3.3.2 (github-poc)
…and 4 more exploits
Timeline
- Jul 22, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-1283 third-party-advisory
- http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html third-party-advisory
- https://ubuntu.com/security/notices/USN-2677-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2726-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3013-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5455-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4772-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-1283 third-party-advisory
- https://ubuntu.com/security/notices/USN-7199-1 vendor-advisory