Skip to main content
CVE-2015-6565 HIGH POC This Week

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SSH Privilege Escalation Openssh
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.3%
CVE-2015-3238 MEDIUM POC This Month

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Linux Pam Sparc Opl Service Processor
NVD
CVSS 3.0
6.5
EPSS
3.0%
CVE-2015-5566 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Air Air Sdk +2
NVD
CVSS 2.0
10.0
EPSS
4.8%
CVE-2015-5424 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5423 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5422 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5421 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5420 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5419 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5418 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-5417 HIGH Act Now

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
15.7%
CVE-2015-6659 HIGH PATCH Act Now

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.5%.

SQLi Drupal
NVD
CVSS 2.0
7.5
EPSS
14.5%
CVE-2015-6496 MEDIUM POC PATCH This Month

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Conntrack Tools Debian Linux
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2015-5416 HIGH This Week

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Keyview
NVD
CVSS 2.0
7.5
EPSS
6.8%
CVE-2015-5222 HIGH This Week

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
CVSS 2.0
8.5
EPSS
0.5%
CVE-2015-5058 HIGH This Week

Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2014-9744 HIGH PATCH This Week

Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Opensuse Polarssl
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-8628 HIGH This Week

Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Polarssl
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-6272 HIGH This Week

Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Libevent
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-6525 HIGH This Week

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Libevent
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-3612 HIGH PATCH This Week

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Java Authentication Bypass Activemq
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-6564 HIGH This Week

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging. Rated high severity (CVSS 7.0). No vendor patch available.

SSH Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
2.1%
CVE-2015-6664 MEDIUM This Month

XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Mobile Platform
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-6662 MEDIUM This Month

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Netweaver
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-6660 MEDIUM PATCH This Month

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF File Upload Drupal
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-6563 MEDIUM This Month

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation. Rated medium severity (CVSS 6.4). No vendor patch available.

SSH Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2015-6251 MEDIUM This Month

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls Debian Linux
NVD
CVSS 2.0
5.0
EPSS
6.7%
CVE-2015-5963 MEDIUM PATCH This Month

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Django Solaris Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2015-5964 MEDIUM PATCH This Month

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Django Ubuntu Linux Solaris
NVD
CVSS 2.0
5.0
EPSS
4.4%
CVE-2015-6524 MEDIUM PATCH This Month

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Java Authentication Bypass Fedora Activemq
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-6661 MEDIUM PATCH This Month

Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Drupal
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-6665 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Fedora Drupal Ctools
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-6244 MEDIUM This Month

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Linux Solaris
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-6658 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Drupal
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-6248 MEDIUM This Month

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6246 MEDIUM This Month

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6243 MEDIUM This Month

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6249 MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6247 MEDIUM This Month

The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6242 MEDIUM This Month

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6241 MEDIUM This Month

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Solaris
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6245 MEDIUM This Month

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Linux Solaris
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0298 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mod Cluster
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6663 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Afaria
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8987 LOW Monitor

Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mantisbt
NVD GitHub
CVSS 2.0
3.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy