Skip to main content
CVE-2015-8236 CRITICAL Act Now

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Eos
NVD
CVSS 2.0
10.0
EPSS
8.0%
CVE-2015-7984 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Groupware Horde Application Framework Debian Linux
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-9756 MEDIUM POC PATCH This Month

The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Libsndfile Ubuntu Linux Leap Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-7910 HIGH This Week

Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemetry Web Server
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-8083 HIGH This Week

An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Espace Firmware
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2015-6370 HIGH This Week

The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Firepower Extensible Operating System
NVD
CVSS 2.0
7.2
EPSS
0.3%
CVE-2015-8087 MEDIUM This Month

Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Ne Router Software
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7845 MEDIUM This Month

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace Firmware
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-6368 MEDIUM This Month

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Extensible Operating System
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-6369 MEDIUM This Month

The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Extensible Operating System
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-7385 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Ox Guard
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4112 MEDIUM This Month

The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Enterprise Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-6374 MEDIUM This Month

The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Firepower Extensible Operating System
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-6371 MEDIUM This Month

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Extensible Operating System
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0794 LOW Monitor

modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dracut
NVD
CVSS 2.0
3.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy