Skip to main content
CVE-2015-1848 MEDIUM POC This Month

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Pacemaker Configuration System Enterprise Linux High Availability Enterprise Linux High Availability Eus Enterprise Linux Resilient Storage +1
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-3301 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

Path Traversal WordPress PHP Thecartpress Ecommerce Shopping Cart
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
14.4%
CVE-2015-3300 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Thecartpress Ecommerce Shopping Cart
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.0%
CVE-2014-1900 MEDIUM POC PATCH This Month

Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ycb002 Firmware Ycb004 Firmware Ycw003 Firmware Ycb001 Firmware +14
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3986 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF WordPress PHP Thecartpress Ecommerce Shopping Cart
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.6%
CVE-2015-0797 MEDIUM PATCH This Month

A buffer over-read vulnerability exists in GStreamer's H.264 video decoding implementation that affects Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey on Linux systems. Remote attackers can trigger a denial of service (application crash) or potentially execute arbitrary code by crafting malicious H.264 video data within an m4v file. With an EPSS score of 7.61% (92nd percentile) and patches available from vendors, this vulnerability represents a moderate exploitation risk despite its CVSS 6.8 rating, indicating real-world prioritization is warranted for affected Linux deployments.

RCE Denial Of Service Mozilla
NVD
CVSS 2.0
6.8
EPSS
7.6%
CVE-2015-2717 MEDIUM This Month

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +1
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-2710 MEDIUM This Month

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Thunderbird Firefox +5
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-2713 MEDIUM This Month

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2015-2715 MEDIUM This Month

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Denial Of Service Mozilla Buffer Overflow RCE +2
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2014-1901 MEDIUM This Month

Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Yceb03 Firmware Ycb004 Firmware Ycb002 Firmware Ycbl03 Firmware +14
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-3644 MEDIUM PATCH This Month

Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Authentication Bypass Stunnel
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-3326 MEDIUM This Month

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Microsoft Scanmail
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0971 MEDIUM PATCH This Month

The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Suricata Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-3983 MEDIUM This Month

The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pacemaker Configuration System
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-2720 MEDIUM This Month

The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain. Rated medium severity (CVSS 4.4). No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-2711 MEDIUM This Month

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3397 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Yiiframework
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2718 MEDIUM This Month

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy