Skip to main content
CVE-2015-7696 MEDIUM This Month

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
6.8
EPSS
31.3%
CVE-2015-7697 MEDIUM This Month

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 29.5% and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux Unzip
NVD
CVSS 2.0
4.3
EPSS
29.5%
CVE-2015-7809 MEDIUM PATCH This Month

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE PHP Privilege Escalation Twig
NVD GitHub
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-4282 MEDIUM This Month

Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID. Rated medium severity (CVSS 6.9). No vendor patch available.

Cisco Privilege Escalation Mobility Services Engine
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-6316 MEDIUM This Month

The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Cisco Authentication Bypass Mobility Services Engine
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-5305 MEDIUM PATCH This Month

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Red Hat Openshift
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-6546 MEDIUM This Month

The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway,. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Big Ip Application Acceleration Manager Big Ip Global Traffic Manager Big Ip Access Policy Manager Big Ip Webaccelerator +9
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2015-7770 MEDIUM This Month

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Denial Of Service Dell Sonicwall Totalsecure Tz 100 Firmware
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-7763 MEDIUM This Month

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openafs
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-7762 MEDIUM This Month

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-8081 MEDIUM PATCH This Month

The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Field As Block
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-9749 MEDIUM This Month

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Squid Opensuse
NVD
CVSS 2.0
4.0
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy