Skip to main content
CVE-2015-5522 MEDIUM POC This Month

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Tidy Ubuntu Linux Debian Linux +3
NVD GitHub
CVSS 2.0
6.8
EPSS
6.8%
CVE-2015-5523 MEDIUM POC This Month

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Debian Linux Iphone Os +3
NVD GitHub
CVSS 2.0
4.3
EPSS
5.0%
CVE-2015-3228 MEDIUM This Month

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Afpl Ghostscript
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-2323 MEDIUM This Month

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-5176 MEDIUM This Month

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Jboss Portal
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-5965 MEDIUM This Month

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-5369 MEDIUM This Month

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Information Disclosure Pulse Connect Secure
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-3267 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Jboss Operations Network
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3626 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy