Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qcbz-21vm-eqfd
Vulnerability ID VCID-qcbz-21vm-eqfd
Aliases CVE-2015-1283
Summary Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 3.4
Risk 1.7
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-122 Heap-based Buffer Overflow
System Score Found at
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2015-1283
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1283.json
https://api.first.org/data/v1/epss?cve=CVE-2015-1283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1245587 https://bugzilla.redhat.com/show_bug.cgi?id=1245587
793484 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484
GLSA-201603-09 https://security.gentoo.org/glsa/201603-09
GLSA-201701-21 https://security.gentoo.org/glsa/201701-21
RHSA-2015:1499 https://access.redhat.com/errata/RHSA-2015:1499
USN-2677-1 https://usn.ubuntu.com/2677-1/
USN-2726-1 https://usn.ubuntu.com/2726-1/
USN-3013-1 https://usn.ubuntu.com/3013-1/
USN-7199-1 https://usn.ubuntu.com/7199-1/
USN-USN-4772-1 https://usn.ubuntu.com/USN-4772-1/
USN-USN-5455-1 https://usn.ubuntu.com/USN-5455-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.6679
EPSS Score 0.00521
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:06.217154+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201701-21 38.0.0