Skip to main content
CVE-2014-8361 CRITICAL POC KEV THREAT Emergency

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.0%
Threat
7.8
CVE-2015-3337 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 91.1%.

Path Traversal Elastic Elasticsearch
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
91.1%
Threat
5.1
CVE-2015-3435 CRITICAL Act Now

Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Samsung Samsung Security Manager
NVD
CVSS 2.0
10.0
EPSS
8.4%
CVE-2015-2248 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Sonicwall CSRF Dell Remote Access Firmware
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.7%
CVE-2015-3632 MEDIUM POC This Month

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Enterprise Reader Foxit Reader Phantompdf
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.8%
CVE-2015-3446 CRITICAL PATCH Act Now

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Unified Security Management
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2015-1243 HIGH This Week

Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux Ubuntu Linux +4
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-1250 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux Chrome Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-0532 HIGH This Week

EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rsa Identity Management And Governance
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-3153 MEDIUM PATCH This Month

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Enterprise Manager Ops Center Curl Libcurl Ubuntu Linux +2
NVD
CVSS 2.0
5.0
EPSS
9.8%
CVE-2015-0237 MEDIUM This Month

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service Enterprise Virtualization Manager
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-0912 MEDIUM This Month

EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Easyctf
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-0712 MEDIUM This Month

The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Staros
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3598 MEDIUM PATCH This Month

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Opensuse Pillow
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0914 MEDIUM This Month

EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Easyctf
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3633 MEDIUM PATCH This Month

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Enterprise Reader Foxit Reader Phantompdf
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-0913 LOW Monitor

Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Easyctf
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0257 LOW Monitor

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy