Skip to main content
CVE-2015-3246 HIGH POC THREAT Act Now

libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 21.4%.

Denial Of Service Privilege Escalation Libuser
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
21.4%
CVE-2015-5522 MEDIUM POC This Month

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Tidy Ubuntu Linux Debian Linux +3
NVD GitHub
CVSS 2.0
6.8
EPSS
6.8%
CVE-2015-4634 HIGH POC This Week

SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-3245 LOW POC THREAT Monitor

Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Denial Of Service Libuser
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
11.2%
CVE-2015-5523 MEDIUM POC This Month

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Debian Linux Iphone Os +3
NVD GitHub
CVSS 2.0
4.3
EPSS
5.0%
CVE-2015-1818 HIGH This Week

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE SSRF Jboss Bpm Suite
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-3228 MEDIUM This Month

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Afpl Ghostscript
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-2323 MEDIUM This Month

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-5176 MEDIUM This Month

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Jboss Portal
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-5965 MEDIUM This Month

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-5369 MEDIUM This Month

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Information Disclosure Pulse Connect Secure
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-3267 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Jboss Operations Network
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3626 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy