Skip to main content
CVE-2015-2094 HIGH POC THREAT Act Now

Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 57.4%.

RCE Buffer Overflow Winrds
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
57.4%
Threat
4.7
CVE-2015-2097 HIGH POC THREAT Act Now

Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.3%.

RCE Buffer Overflow Webgate Embedded Standard Protocol Sdk
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
46.3%
Threat
4.4
CVE-2014-7894 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7893 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7891 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7890 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7888 CRITICAL Emergency

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
30.1%
CVE-2014-7897 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7895 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7892 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7889 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.8% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
28.8%
CVE-2014-7898 CRITICAL Act Now

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.4% and no vendor patch available.

HP RCE Microsoft Ole Point Of Sale Driver
NVD
CVSS 2.0
10.0
EPSS
23.4%
CVE-2015-1874 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF WordPress PHP Contact Form Db
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-2063 MEDIUM POC This Month

Integer overflow in unace 1.2b allows remote attackers to cause a denial of service (crash) via a small file header in an ace archive, which triggers a buffer overflow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Unace
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2015-0254 HIGH PATCH This Week

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE XXE Apache Standard Taglibs Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
3.8%
CVE-2015-2061 HIGH This Week

Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Creo View
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2015-2092 HIGH This Week

The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Feature Extraction
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2015-1230 HIGH This Week

The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Ubuntu Linux Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-1217 HIGH This Week

The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-1223 HIGH This Week

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2015-1231 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server +3
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2015-1228 HIGH This Week

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-1218 HIGH This Week

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-1216 HIGH This Week

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Ubuntu Linux Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-1227 HIGH This Week

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1222 HIGH This Week

Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1215 HIGH This Week

The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Ubuntu Linux Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1214 HIGH This Week

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1213 HIGH This Week

The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1219 HIGH This Week

Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +3
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-1221 HIGH This Week

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Denial Of Service Chrome
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-1232 HIGH This Week

Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-2243 HIGH This Week

Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Webshop Hun
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-2242 HIGH This Week

Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Webshop Hun
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-3691 HIGH PATCH This Week

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Openstack Foreman
NVD GitHub
CVSS 2.0
7.5
EPSS
0.1%
CVE-2015-2238 HIGH This Week

Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux Chrome V8
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2015-2095 MEDIUM This Month

Heap-based buffer overflow in the SetConnectInfo function in the WESPPTZ.WESPPTZCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via crafted arguments. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Edvr Manager
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-2093 MEDIUM This Month

Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Webeyeaudio
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-1220 MEDIUM This Month

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +3
NVD
CVSS 2.0
6.8
EPSS
3.1%
CVE-2014-9472 HIGH This Week

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Debian Linux Fedora Request Tracker
NVD
CVSS 2.0
7.1
EPSS
0.9%
CVE-2015-2096 MEDIUM This Month

Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Edvr Manager
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2015-1464 MEDIUM This Month

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Request Tracker
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-1224 MEDIUM This Month

The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
5.0
EPSS
4.1%
CVE-2015-2206 MEDIUM This Month

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Information Disclosure Fedora Phpmyadmin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-1225 MEDIUM This Month

PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-1165 MEDIUM This Month

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Fedora Request Tracker
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9689 MEDIUM This Month

content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1229 MEDIUM This Month

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Code Injection Ubuntu Linux Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1226 MEDIUM This Month

The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-2239 MEDIUM This Month

Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy