Skip to main content
CVE-2015-3628 CRITICAL POC THREAT Emergency

The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.2%.

Privilege Escalation Big Iq Security Big Ip Application Acceleration Manager Big Ip Wan Optimization Manager Big Iq Adc +14
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
75.2%
Threat
5.6
CVE-2015-5287 MEDIUM POC THREAT This Month

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable. Rated medium severity (CVSS 6.9). Public exploit code available and EPSS exploitation probability 12.9%.

Information Disclosure Automatic Bug Reporting Tool Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub Exploit-DB
CVSS 2.0
6.9
EPSS
12.9%
CVE-2015-1342 MEDIUM POC This Month

LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Lxcfs
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-7348 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Ztree
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3276 HIGH PATCH This Week

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Openldap Linux Enterprise Linux Desktop +6
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2015-8125 HIGH PATCH This Week

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

CSRF Symfony
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-5273 LOW POC Monitor

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Automatic Bug Reporting Tool Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub Exploit-DB
CVSS 2.0
3.6
EPSS
0.3%
CVE-2015-1344 HIGH This Week

The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubuntu Linux Lxcfs
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2015-8084 HIGH This Week

Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Huawei Unified Security Gateway Firmware
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2015-8124 MEDIUM PATCH This Month

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Symfony
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-8131 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Elastic CSRF Kibana
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-8213 MEDIUM PATCH This Month

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Django
NVD GitHub
CVSS 2.0
5.0
EPSS
3.0%
CVE-2015-5302 MEDIUM This Month

libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Libreport
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-4334 MEDIUM This Month

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Proxysg Firmware
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-5309 MEDIUM This Month

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Leap Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2015-5006 LOW Monitor

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Java Java 2 Sdk Java Sdk +7
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-8482 LOW Monitor

Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Unified Agent
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy