Skip to main content
CVE-2015-8368 MEDIUM POC This Month

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Ntopng
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
3.0%
CVE-2015-8601 MEDIUM PATCH This Month

The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Chat Room
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-8339 MEDIUM PATCH This Month

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host. Rated medium severity (CVSS 4.7).

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2015-8340 MEDIUM PATCH This Month

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host. Rated medium severity (CVSS 4.7).

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2015-5204 MEDIUM This Month

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Code Injection Apache Cordova File Transfer
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2015-7518 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Foreman
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy