Skip to main content
CVE-2015-8000 MEDIUM PATCH This Month

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 67.1%.

Denial Of Service Linux Solaris Vm Server Bind
NVD
CVSS 2.0
5.0
EPSS
67.1%
CVE-2015-8357 MEDIUM POC This Month

Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service PHP Xscan
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.8%
CVE-2015-8578 MEDIUM POC This Month

AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Internet Security
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2015-8579 MEDIUM POC This Month

Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Total Security 2015
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2015-7214 MEDIUM This Month

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.5% and no vendor patch available.

Mozilla Information Disclosure Leap Opensuse Firefox +1
NVD
CVSS 2.0
5.0
EPSS
15.5%
CVE-2015-7222 MEDIUM This Month

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +3
NVD
CVSS 2.0
6.8
EPSS
3.4%
CVE-2015-7213 MEDIUM This Month

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Buffer Overflow Leap Opensuse +2
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-7204 MEDIUM This Month

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Leap Opensuse Fedora +1
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2015-7216 MEDIUM This Month

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Fedora Firefox Leap +1
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-8580 MEDIUM This Month

Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Foxit Reader Phantompdf
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2015-8563 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Joomla
NVD
CVSS 2.0
6.8
EPSS
0.0%
CVE-2015-7219 MEDIUM This Month

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Leap Opensuse Firefox +1
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2015-7218 MEDIUM This Month

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Leap Opensuse Fedora +1
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2015-8476 MEDIUM PATCH This Month

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Code Injection Debian Linux Phpmailer
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-7211 MEDIUM This Month

Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Fedora Leap +1
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-7208 MEDIUM This Month

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Fedora Leap +1
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-6425 MEDIUM This Month

The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Manager
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-7215 MEDIUM This Month

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Fedora Leap Opensuse +1
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-7207 MEDIUM This Month

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Leap Opensuse +1
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-7217 MEDIUM This Month

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox Leap +2
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2015-7223 MEDIUM This Month

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Privilege Escalation Fedora Firefox +2
NVD
CVSS 2.0
4.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy