Skip to main content
CVE-2014-8176 HIGH POC THREAT Act Now

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.6%.

OpenSSL Denial Of Service Buffer Overflow
NVD GitHub
CVSS 2.0
7.5
EPSS
21.6%
CVE-2015-1791 MEDIUM This Month

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service Race Condition OpenSSL
NVD GitHub
CVSS 2.0
6.8
EPSS
10.2%
CVE-2015-1789 HIGH This Week

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Buffer Overflow Sparc Opl Service Processor
NVD GitHub
CVSS 3.0
7.5
EPSS
4.5%
CVE-2015-0769 HIGH This Week

Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr Software
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-1788 MEDIUM This Month

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.9% and no vendor patch available.

Denial Of Service OpenSSL
NVD GitHub
CVSS 2.0
4.3
EPSS
15.9%
CVE-2015-1792 MEDIUM This Month

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.4% and no vendor patch available.

Denial Of Service OpenSSL
NVD GitHub
CVSS 2.0
5.0
EPSS
12.4%
CVE-2015-0772 HIGH This Week

Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Telepresence Video Communication Server Software
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2015-1790 MEDIUM This Month

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL
NVD GitHub
CVSS 2.0
5.0
EPSS
9.6%
CVE-2015-0768 MEDIUM This Month

The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Prime Network Control System
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-0771 MEDIUM This Month

The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2015-0773 MEDIUM This Month

Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Firesight System Software
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2015-4182 MEDIUM This Month

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Identity Services Engine Software
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2015-0775 MEDIUM This Month

The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os Nexus 1000V Mds 9000 Nx Os
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-0776 MEDIUM This Month

telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-0774 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Application And Content Networking System Software
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0737 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Firesight System Software
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy