Skip to main content
CVE-2015-1758 MEDIUM This Month

Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows Rt +3
NVD
CVSS 2.0
6.9
EPSS
5.4%
CVE-2015-1765 MEDIUM This Month

Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.0% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
17.0%
CVE-2015-1768 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Microsoft Windows 2003 Server Windows Server 2003
NVD
CVSS 2.0
7.2
EPSS
1.6%
CVE-2015-1720 HIGH PATCH This Week

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 7 +8
NVD
CVSS 2.0
7.2
EPSS
1.1%
CVE-2015-1771 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Microsoft Exchange Server
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-1743 MEDIUM PATCH This Month

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
5.1
EPSS
9.8%
CVE-2015-3096 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Adobe CSRF Google Microsoft Air +4
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-3097 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Air Air Sdk +3
NVD
CVSS 2.0
5.0
EPSS
9.2%
CVE-2015-2359 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.1% and no vendor patch available.

XSS Microsoft Exchange Server
NVD
CVSS 2.0
4.3
EPSS
12.1%
CVE-2015-1757 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

XSS Microsoft Active Directory Federation Services
NVD
CVSS 2.0
4.3
EPSS
10.7%
CVE-2014-8607 LOW POC Monitor

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Xcloner
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.2%
CVE-2015-1764 MEDIUM This Month

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Microsoft Exchange Server
NVD
CVSS 2.0
4.3
EPSS
8.1%
CVE-2015-3102 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Google Information Disclosure Microsoft Air +4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-3099 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Google Information Disclosure Microsoft Air +4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-3098 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Google Information Disclosure Microsoft Air +4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-3108 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Google Information Disclosure Microsoft Flash Player +4
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-4415 MEDIUM This Month

Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Anima Gallery
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3101 MEDIUM PATCH This Month

The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Adobe Privilege Escalation Google Microsoft Air +4
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-4171 LOW PATCH Monitor

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Strongswan Vpn Client Ubuntu Linux Debian Linux Strongswan
NVD
CVSS 2.0
2.6
EPSS
1.0%
CVE-2015-1719 LOW PATCH Monitor

The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
2.1
EPSS
2.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy