Skip to main content
CVE-2015-5161 MEDIUM POC PATCH THREAT This Month

The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.8%.

XXE Zend Framework
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
32.8%
CVE-2015-5949 MEDIUM This Month

VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Vlc Media Player
NVD
CVSS 2.0
6.8
EPSS
7.4%
CVE-2015-3269 MEDIUM PATCH This Month

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3%.

Adobe XXE Information Disclosure Apache Business Service Management +1
NVD
CVSS 2.0
5.0
EPSS
13.3%
CVE-2015-5786 MEDIUM PATCH This Month

Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2015-5785 MEDIUM PATCH This Month

Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2015-6262 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Prime Infrastructure
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-2150 MEDIUM This Month

xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xfsprogs
NVD
CVSS 2.0
5.0
EPSS
1.7%
CVE-2015-4020 MEDIUM PATCH This Month

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Solaris Rubygems
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy