Skip to main content
CVE-2015-6545 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Cerb
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
5.1%
CVE-2015-5736 HIGH POC This Week

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Fortinet Forticlient
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
2.5%
CVE-2015-5190 HIGH This Week

The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Pacemaker Corosync Configuration System
NVD
CVSS 2.0
8.5
EPSS
0.6%
CVE-2015-4552 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Mybb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6581 HIGH This Week

Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Chrome
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2015-1299 HIGH This Week

Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2015-1295 HIGH This Week

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2015-1294 HIGH This Week

Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-1297 HIGH This Week

The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-1301 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-1293 HIGH This Week

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-1516 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Realpresence Cloudaxis Suite
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-6580 HIGH This Week

Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google V8 Chrome
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2015-5737 HIGH This Week

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Privilege Escalation Microsoft Forticlient
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-5735 HIGH This Week

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Forticlient
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-6582 MEDIUM This Month

The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1291 MEDIUM This Month

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Google Chrome
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2015-4077 LOW POC Monitor

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fortinet Forticlient
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.2%
CVE-2015-1300 MEDIUM This Month

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-1296 MEDIUM This Month

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-1292 MEDIUM This Month

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-5189 MEDIUM This Month

Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Pacemaker Corosync Configuration System
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-1298 MEDIUM This Month

The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-6506 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Request Tracker
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-6583 MEDIUM This Month

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-6654 LOW PATCH Monitor

The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy