Skip to main content
CVE-2015-8096 CRITICAL Act Now

Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.1% and no vendor patch available.

RCE Google Buffer Overflow Picasa
NVD
CVSS 2.0
10.0
EPSS
17.1%
CVE-2014-8873 CRITICAL Act Now

A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.0% and no vendor patch available.

Debian RCE Openjdk
NVD
CVSS 2.0
10.0
EPSS
10.0%
CVE-2015-2213 HIGH PATCH Act Now

SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.2%.

WordPress SQLi PHP
NVD
CVSS 2.0
7.5
EPSS
21.2%
CVE-2015-5731 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 14.8%.

CSRF WordPress PHP Denial Of Service
NVD
CVSS 2.0
6.8
EPSS
14.8%
CVE-2015-2696 HIGH PATCH This Week

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Kerberos 5 Leap Opensuse Linux Enterprise Desktop +4
NVD GitHub
CVSS 2.0
7.1
EPSS
8.3%
CVE-2015-5730 MEDIUM PATCH This Month

The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress PHP Information Disclosure
NVD
CVSS 2.0
5.0
EPSS
9.5%
CVE-2015-8003 MEDIUM PATCH This Month

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-8002 MEDIUM PATCH This Month

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service File Upload Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-5218 LOW POC PATCH Monitor

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Util Linux Opensuse Leap
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-2695 MEDIUM PATCH This Month

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Kerberos 5 Solaris Ubuntu Linux Debian Linux +5
NVD GitHub
CVSS 2.0
5.0
EPSS
5.4%
CVE-2015-7295 MEDIUM This Month

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qemu Fedora Debian Linux
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2015-8041 MEDIUM This Month

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant Opensuse Hostapd
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-2697 MEDIUM PATCH This Month

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Kerberos 5 Solaris +7
NVD GitHub
CVSS 2.0
4.0
EPSS
6.4%
CVE-2015-7940 MEDIUM PATCH This Month

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Leap Opensuse Bouncy Castle Crypto Package +4
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2015-8005 MEDIUM PATCH This Month

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-8095 MEDIUM PATCH This Month

The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Monster Menus
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-5734 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress PHP
NVD
CVSS 2.0
4.3
EPSS
3.4%
CVE-2015-5732 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress PHP
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2015-5733 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2015-3240 MEDIUM This Month

The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libreswan
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2015-8006 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Pagetriage
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-8007 MEDIUM PATCH This Month

The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Echo
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-8004 MEDIUM PATCH This Month

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Mediawiki
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-8001 LOW PATCH Monitor

The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Authentication Bypass Mediawiki
NVD
CVSS 2.0
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy