Skip to main content
CVE-2015-7995 MEDIUM POC This Month

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Iphone Os Mac Os X Tvos Watchos +1
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2015-8218 MEDIUM This Month

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-5301 MEDIUM PATCH This Month

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Ipsilon
NVD
CVSS 2.0
5.5
EPSS
0.7%
CVE-2015-0272 MEDIUM PATCH This Month

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Networkmanager Linux Enterprise Debuginfo Linux Enterprise Desktop Linux Enterprise Real Time Extension +5
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-5311 MEDIUM PATCH This Month

PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authoritative
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-5276 MEDIUM This Month

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gcc
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-7998 MEDIUM PATCH This Month

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Netscaler Service Delivery Appliance Service Vm Netscaler Gateway Firmware Netscaler Application Delivery Controller Firmware
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-7996 MEDIUM PATCH This Month

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Service Delivery Appliance Service Vm Netscaler Gateway Firmware
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-7812 MEDIUM PATCH This Month

The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-8222 MEDIUM PATCH This Month

The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Ubuntu Ubuntu Linux
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-7997 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Citrix Netscaler Service Delivery Appliance Service Vm Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-8232 MEDIUM PATCH This Month

The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Uc Profile
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-5217 MEDIUM PATCH This Month

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Ipsilon
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy