Skip to main content
CVE-2015-0252 MEDIUM POC THREAT This Month

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.2%.

Denial Of Service Apache Debian Linux Fedora Xerces C
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
25.2%
CVE-2015-2153 MEDIUM POC THREAT This Month

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Denial Of Service Buffer Overflow Tcpdump
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.3%
CVE-2015-0250 MEDIUM POC PATCH This Month

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE Apache Ubuntu Linux Batik +1
NVD
CVSS 2.0
6.4
EPSS
1.5%
CVE-2015-0817 MEDIUM This Month

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Seamonkey
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2015-2154 MEDIUM This Month

The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Tcpdump
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2015-0282 MEDIUM This Month

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-0199 MEDIUM PATCH This Month

The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

IBM Denial Of Service Buffer Overflow General Parallel File System
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2015-0158 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0105 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0106 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Application Server Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0137 MEDIUM This Month

IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Powervc
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy