Skip to main content
CVE-2015-1880 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 59.4%.

XSS Fortinet Fortios
NVD
CVSS 2.0
4.3
EPSS
59.4%
Threat
4.1
CVE-2015-3622 MEDIUM POC This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse Fedora Libtasn1
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2015-3620 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fortinet Fortimanager Firmware Fortianalyzer Firmware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-1860 MEDIUM PATCH This Month

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Fedora Qt
NVD
CVSS 2.0
6.8
EPSS
6.4%
CVE-2015-1859 MEDIUM PATCH This Month

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Fedora Qt
NVD
CVSS 2.0
6.8
EPSS
4.4%
CVE-2015-1858 MEDIUM PATCH This Month

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Qt Fedora
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2015-2234 MEDIUM This Month

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Lenovo System Update
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-3451 MEDIUM This Month

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Xml Libxml Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 2.0
5.0
EPSS
5.0%
CVE-2015-2221 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Clamav Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-2668 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Clamav Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-2222 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Clamav
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-2170 MEDIUM PATCH This Month

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Clamav
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-3981 MEDIUM This Month

SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Rfc Sdk
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8616 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8619 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8618 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortiadc Firmware Fortiadc 1500D Fortiadc 2000D +3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9326 MEDIUM This Month

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Big Ip Application Acceleration Manager Big Ip Policy Enforcement Manager Big Ip Policy Enforcement Manager11 5 1 Big Ip Global Traffic Manager +6
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-3646 MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keystone Solaris
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy