Skip to main content
CVE-2015-3214 MEDIUM POC PATCH This Month

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute. Rated medium severity (CVSS 6.9). Public exploit code available.

RCE Linux Buffer Overflow Qemu Linux Kernel +17
NVD GitHub Exploit-DB
CVSS 2.0
6.9
EPSS
1.6%
CVE-2015-6655 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Pligg Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-2570 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Php Font Lib
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3148 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ok Web Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6616 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fg X00 Profibus Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5366 MEDIUM This Month

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux Server Aus
NVD GitHub
CVSS 2.0
5.0
EPSS
9.7%
CVE-2014-2330 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Check Mk
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-6743 MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Banking
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-6742 MEDIUM This Month

Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Banking
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-5717 MEDIUM This Month

The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Siemens Compas
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-0943 MEDIUM This Month

Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Banking
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-2332 MEDIUM This Month

Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References.". Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Check Mk
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2015-6747 MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Banking
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3212 MEDIUM PATCH This Month

Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4700 MEDIUM This Month

The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-6526 MEDIUM This Month

The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-9730 MEDIUM This Month

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-9729 MEDIUM This Month

The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2015-1333 MEDIUM This Month

Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-9728 MEDIUM This Month

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2015-5706 MEDIUM PATCH This Month

Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-6745 MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Banking
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-6744 MEDIUM This Month

Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Banking
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy