Skip to main content
CVE-2015-7696 MEDIUM This Month

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
6.8
EPSS
31.3%
CVE-2015-5672 CRITICAL Act Now

TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fate Hollow Ataraxia Fate Stay Night Fate Stay Night Hollow Ataraxia Set Witch On The Holy Night
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-7697 MEDIUM This Month

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 29.5% and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux Unzip
NVD
CVSS 2.0
4.3
EPSS
29.5%
CVE-2015-7394 CRITICAL Act Now

The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Big Iq Device Big Ip Policy Enforcement Manager Big Ip Global Traffic Manager +15
NVD
CVSS 2.0
9.0
EPSS
1.3%
CVE-2015-6298 CRITICAL Act Now

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Web Security Appliance
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-6855 HIGH This Week

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux Fedora Linux Enterprise Desktop +3
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2015-6321 HIGH This Week

Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Web Security Appliance Content Security Management Appliance Email Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-6291 HIGH This Week

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-6292 HIGH This Week

The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Web Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-6293 HIGH This Week

Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Web Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-8082 HIGH PATCH This Week

The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Login Disable
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-5225 HIGH PATCH This Week

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Denial Of Service RCE Buffer Overflow Openstack Fedora +1
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-7809 MEDIUM PATCH This Month

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE PHP Privilege Escalation Twig
NVD GitHub
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-4282 MEDIUM This Month

Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID. Rated medium severity (CVSS 6.9). No vendor patch available.

Cisco Privilege Escalation Mobility Services Engine
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-6316 MEDIUM This Month

The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Cisco Authentication Bypass Mobility Services Engine
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-5305 MEDIUM PATCH This Month

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Red Hat Openshift
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-6546 MEDIUM This Month

The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway,. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Big Ip Application Acceleration Manager Big Ip Global Traffic Manager Big Ip Access Policy Manager Big Ip Webaccelerator +9
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2015-7770 MEDIUM This Month

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Denial Of Service Dell Sonicwall Totalsecure Tz 100 Firmware
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-7763 MEDIUM This Month

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openafs
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-7762 MEDIUM This Month

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-8081 MEDIUM PATCH This Month

The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Field As Block
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-9749 MEDIUM This Month

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Squid Opensuse
NVD
CVSS 2.0
4.0
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy