Skip to main content
CVE-2015-2281 HIGH POC THREAT Act Now

Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.6%.

RCE Buffer Overflow Fortinet Single Sign On
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
31.6%
CVE-2015-0292 HIGH POC This Week

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Denial Of Service Buffer Overflow
NVD
CVSS 2.0
7.5
EPSS
6.6%
CVE-2015-0290 MEDIUM PATCH This Month

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 32.6%.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
32.6%
CVE-2015-0207 MEDIUM PATCH This Month

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 32.6%.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
32.6%
CVE-2015-2350 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mikrotik Routeros
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-0208 MEDIUM PATCH This Month

The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 28.2%.

Denial Of Service OpenSSL
NVD
CVSS 2.0
4.3
EPSS
28.2%
CVE-2015-0286 MEDIUM This Month

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.1% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
21.1%
CVE-2015-2351 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Opencms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0291 MEDIUM PATCH This Month

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.6%.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
14.6%
CVE-2015-1787 LOW PATCH Monitor

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Epss exploitation probability 25.8%.

Denial Of Service OpenSSL
NVD
CVSS 2.0
2.6
EPSS
25.8%
CVE-2015-2352 HIGH PATCH This Week

The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mybb
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-0209 MEDIUM This Month

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service OpenSSL Buffer Overflow
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2015-0293 MEDIUM This Month

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
6.2%
CVE-2015-0289 MEDIUM This Month

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
5.8%
CVE-2015-0285 MEDIUM PATCH This Month

The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure OpenSSL
NVD
CVSS 2.0
4.3
EPSS
8.5%
CVE-2015-0287 MEDIUM This Month

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Buffer Overflow
NVD
CVSS 2.0
5.0
EPSS
4.9%
CVE-2015-0288 MEDIUM This Month

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2015-2349 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Superwebmailer
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy