Skip to main content
CVE-2015-5371 CRITICAL POC THREAT Emergency

The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 87.7%.

Information Disclosure Storage Manager
NVD
CVSS 2.0
10.0
EPSS
87.7%
Threat
6.1
CVE-2015-3955 CRITICAL Act Now

Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.4% and no vendor patch available.

RCE Buffer Overflow Lifecare Pcainfusion Firmware
NVD
CVSS 2.0
10.0
EPSS
14.4%
CVE-2015-2740 CRITICAL Act Now

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Thunderbird Firefox +7
NVD
CVSS 2.0
10.0
EPSS
3.5%
CVE-2015-2733 CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Solaris Firefox Esr +2
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2015-2722 CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Solaris Firefox Firefox Esr +3
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-2725 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2015-2738 CRITICAL Act Now

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Linux Enterprise Desktop Linux Enterprise Server +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2737 CRITICAL Act Now

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Ubuntu Linux +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2734 CRITICAL Act Now

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2726 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Solaris +4
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2739 CRITICAL Act Now

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Suse Linux Enterprise Software Development Kit Ubuntu Linux +6
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2015-2731 CRITICAL Act Now

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Thunderbird Solaris +1
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2015-2724 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Solaris +8
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2015-2736 CRITICAL Act Now

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Firefox Esr +6
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-2735 CRITICAL Act Now

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +6
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-2721 MEDIUM POC This Month

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit Ubuntu Linux Debian Linux +5
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3653 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Foreman
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4648 HIGH PATCH This Week

Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Security Api Activex Sdk
NVD
CVSS 2.0
7.5
EPSS
3.6%
CVE-2015-3958 HIGH This Week

Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lifecare Pcainfusion Firmware
NVD
CVSS 2.0
7.8
EPSS
2.0%
CVE-2015-4230 HIGH This Week

Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91854. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Headend System Release
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2015-4034 HIGH This Week

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a. Rated high severity (CVSS 7.9). No vendor patch available.

Google Samsung Authentication Bypass Galaxy S5
NVD
CVSS 2.0
7.9
EPSS
0.2%
CVE-2015-2743 HIGH This Week

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Solaris +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-2728 HIGH This Week

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-5406 HIGH This Week

The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Lifecare Pcainfusion Firmware
NVD GitHub
CVSS 2.0
7.6
EPSS
0.5%
CVE-2015-4647 MEDIUM PATCH This Month

Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Buffer Overflow Security Api Activex Sdk
NVD
CVSS 2.0
6.8
EPSS
4.3%
CVE-2015-2126 HIGH This Week

Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Hp Ux
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2015-2727 MEDIUM This Month

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Google RCE Firefox Chrome
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-9737 MEDIUM PATCH This Month

Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Language Switcher Dropdown
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-1011 MEDIUM This Month

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lifecare Pcainfusion Firmware
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-2729 MEDIUM This Month

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox Firefox Esr +2
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-3281 MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy Ubuntu Linux Openstack Cloud +8
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-3957 MEDIUM This Month

Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Lifecare Pcainfusion Firmware Lifecare Pca3 Lifecare Pca5
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2742 MEDIUM This Month

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Solaris Firefox
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-2741 MEDIUM This Month

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox Solaris Firefox Esr
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2730 MEDIUM This Month

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit Debian Linux Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9738 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Tournament
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9739 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Node Field
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4033 LOW Monitor

Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure S Beam
NVD
CVSS 2.0
3.3
EPSS
0.4%
CVE-2014-9740 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Rules Link
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy