Skip to main content
CVE-2015-5287 MEDIUM POC THREAT This Month

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable. Rated medium severity (CVSS 6.9). Public exploit code available and EPSS exploitation probability 12.9%.

Information Disclosure Automatic Bug Reporting Tool Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +1
NVD GitHub Exploit-DB
CVSS 2.0
6.9
EPSS
12.9%
CVE-2015-1342 MEDIUM POC This Month

LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Lxcfs
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-7348 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Ztree
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-8124 MEDIUM PATCH This Month

Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Symfony
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-8131 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Elastic CSRF Kibana
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-8213 MEDIUM PATCH This Month

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Django
NVD GitHub
CVSS 2.0
5.0
EPSS
3.0%
CVE-2015-5302 MEDIUM This Month

libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Libreport
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-4334 MEDIUM This Month

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Proxysg Firmware
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-5309 MEDIUM This Month

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Leap Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy