Skip to main content
CVE-2015-5696 MEDIUM POC THREAT This Month

Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Denial Of Service Dell Netvault Backup
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
16.2%
CVE-2015-2449 MEDIUM This Month

Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 16.6% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer Edge
NVD
CVSS 2.0
4.3
EPSS
16.6%
CVE-2015-2445 MEDIUM This Month

Microsoft Internet Explorer 10 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.9% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
14.9%
CVE-2015-3235 MEDIUM This Month

Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Foreman
NVD
CVSS 2.0
6.0
EPSS
0.6%
CVE-2015-1819 MEDIUM PATCH This Month

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Enterprise Linux Libxml +8
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-3155 MEDIUM PATCH This Month

Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Foreman
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-1816 MEDIUM This Month

Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foreman
NVD GitHub
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-5475 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Request Tracker
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8155 MEDIUM This Month

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3289 MEDIUM PATCH This Month

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-1844 MEDIUM PATCH This Month

Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Foreman
NVD GitHub
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy