Skip to main content
CVE-2015-3337 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 91.1%.

Path Traversal Elastic Elasticsearch
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
91.1%
Threat
5.1
CVE-2015-2248 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Sonicwall CSRF Dell Remote Access Firmware
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.7%
CVE-2015-3632 MEDIUM POC This Month

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Enterprise Reader Foxit Reader Phantompdf
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.8%
CVE-2015-3153 MEDIUM PATCH This Month

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Enterprise Manager Ops Center Curl Libcurl Ubuntu Linux +2
NVD
CVSS 2.0
5.0
EPSS
9.8%
CVE-2015-0237 MEDIUM This Month

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service Enterprise Virtualization Manager
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-0912 MEDIUM This Month

EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Easyctf
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-0712 MEDIUM This Month

The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Staros
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3598 MEDIUM PATCH This Month

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Opensuse Pillow
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0914 MEDIUM This Month

EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Easyctf
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3633 MEDIUM PATCH This Month

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Enterprise Reader Foxit Reader Phantompdf
NVD
CVSS 2.0
5.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy