Skip to main content
CVE-2015-3238 MEDIUM POC This Month

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Linux Pam Sparc Opl Service Processor
NVD
CVSS 3.0
6.5
EPSS
3.0%
CVE-2015-6496 MEDIUM POC PATCH This Month

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Conntrack Tools Debian Linux
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2015-6664 MEDIUM This Month

XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Mobile Platform
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-6662 MEDIUM This Month

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Netweaver
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-6660 MEDIUM PATCH This Month

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF File Upload Drupal
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-6563 MEDIUM This Month

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation. Rated medium severity (CVSS 6.4). No vendor patch available.

SSH Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2015-6251 MEDIUM This Month

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls Debian Linux
NVD
CVSS 2.0
5.0
EPSS
6.7%
CVE-2015-5963 MEDIUM PATCH This Month

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Django Solaris Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2015-5964 MEDIUM PATCH This Month

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Django Ubuntu Linux Solaris
NVD
CVSS 2.0
5.0
EPSS
4.4%
CVE-2015-6524 MEDIUM PATCH This Month

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Java Authentication Bypass Fedora Activemq
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-6661 MEDIUM PATCH This Month

Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Drupal
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-6665 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Fedora Drupal Ctools
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-6244 MEDIUM This Month

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Linux Solaris
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-6658 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Drupal
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-6248 MEDIUM This Month

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6246 MEDIUM This Month

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6243 MEDIUM This Month

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6249 MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6247 MEDIUM This Month

The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6242 MEDIUM This Month

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6241 MEDIUM This Month

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Solaris
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6245 MEDIUM This Month

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Linux Solaris
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0298 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mod Cluster
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6663 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Afaria
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy