Skip to main content
CVE-2015-1155 MEDIUM POC THREAT This Month

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 67.9%.

Apple Privilege Escalation Iphone Os Safari
NVD
CVSS 2.0
4.3
EPSS
67.9%
Threat
4.4
CVE-2015-3294 MEDIUM POC This Month

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Dnsmasq Solaris
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2015-2347 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Huawei Seq Analyst
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1153 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Itunes +2
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2015-1154 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Itunes +1
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-1152 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-3013 MEDIUM PATCH This Month

ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Authentication Bypass Owncloud Server
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2015-1156 MEDIUM This Month

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os Safari
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9716 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Webodf
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3012 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Debian Linux Webodf
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-0919 MEDIUM PATCH This Month

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-1907 MEDIUM PATCH This Month

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational License Key Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-3011 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Owncloud Debian Linux
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy