Skip to main content

Solaris

485 CVEs product

Monthly

CVE-2015-4792 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition,. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable.

Information Disclosure Oracle Leap Opensuse Enterprise Linux Desktop +12
NVD
CVSS 2.0
1.7
EPSS
0.9%
CVE-2015-2642 MEDIUM This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-7236 HIGH This Week

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rpcbind Ubuntu Linux Debian Linux Solaris
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2015-4020 Ruby MEDIUM PATCH This Month

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Solaris Rubygems
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-6249 MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6248 MEDIUM This Month

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6247 MEDIUM This Month

The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6246 MEDIUM This Month

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6245 MEDIUM This Month

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Linux Solaris
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-6244 MEDIUM This Month

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Linux Solaris
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-6243 MEDIUM This Month

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6242 MEDIUM This Month

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-6241 MEDIUM This Month

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Solaris
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-5964 PyPI MEDIUM PATCH This Month

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Django Ubuntu Linux Solaris
NVD
CVSS 2.0
5.0
EPSS
4.4%
CVE-2015-5963 PyPI MEDIUM PATCH This Month

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Django Solaris Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2015-3219 PyPI MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Debian Linux Horizon Solaris
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4496 CRITICAL Act Now

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Solaris Firefox
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2015-4493 CRITICAL Act Now

Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Solaris Firefox +2
NVD
CVSS 2.0
9.3
EPSS
7.3%
CVE-2015-4492 HIGH This Week

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Solaris Firefox Ubuntu Linux +1
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2015-4491 MEDIUM This Month

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla Google Buffer Overflow RCE +6
NVD
CVSS 2.0
6.8
EPSS
4.3%
CVE-2015-4490 MEDIUM This Month

The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Firefox Ubuntu Linux Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4489 HIGH This Week

The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Solaris Firefox +3
NVD
CVSS 2.0
7.5
EPSS
2.2%
CVE-2015-4488 HIGH This Week

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Solaris Ubuntu Linux Opensuse +2
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2015-4487 HIGH This Week

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox Firefox Os +3
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2015-4486 CRITICAL Act Now

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Ubuntu Linux +3
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2015-4485 CRITICAL Act Now

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Ubuntu Linux +2
NVD
CVSS 2.0
10.0
EPSS
7.6%
CVE-2015-4484 MEDIUM This Month

The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Ubuntu Linux Opensuse +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-4483 MEDIUM This Month

Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Solaris Firefox Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4482 MEDIUM This Month

mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Opensuse Firefox +1
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-4481 LOW POC Monitor

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Race Condition Mozilla Information Disclosure Microsoft Firefox +2
NVD Exploit-DB
CVSS 2.0
3.3
EPSS
0.2%
CVE-2015-1819 Ruby MEDIUM PATCH This Month

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Enterprise Linux Libxml +8
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-1283 MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Chrome +12
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-1270 MEDIUM This Month

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x-. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-4651 MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux Solaris
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-0253 MEDIUM This Month

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Denial Of Service Apache Http Server Mac Os X Mac Os X Server +3
NVD GitHub
CVSS 2.0
5.0
EPSS
10.6%
CVE-2015-4770 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2015-4752 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Solaris Debian Linux +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-4737 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server :. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris MySQL Ubuntu Linux +1
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2015-2662 LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server. Rated low severity (CVSS 1.9).

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
1.9
EPSS
0.2%
CVE-2015-2651 LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver. Rated low severity (CVSS 3.8).

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
3.8
EPSS
0.2%
CVE-2015-2648 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Solaris Ubuntu Linux +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-2643 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-2631 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
7.2
EPSS
0.5%
CVE-2015-2620 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux Debian Linux Solaris +3
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-2614 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2015-2609 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2015-2589 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2015-2582 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Ubuntu Linux Debian Linux +8
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2015-2580 LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. Rated low severity (CVSS 1.9).

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
1.9
EPSS
0.2%
CVE-2015-5144 PyPI MEDIUM PATCH This Month

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Code Injection Ubuntu Linux Django Debian Linux +1
NVD
CVSS 2.0
4.3
EPSS
2.2%
CVE-2015-5143 PyPI HIGH PATCH Act Now

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8%.

Denial Of Service Python Django Debian Linux Solaris +1
NVD
CVSS 2.0
7.8
EPSS
15.8%
CVE-2015-2743 HIGH This Week

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Solaris +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-2742 MEDIUM This Month

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Solaris Firefox
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-2741 MEDIUM This Month

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox Solaris Firefox Esr
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2740 CRITICAL Act Now

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Thunderbird Firefox +7
NVD
CVSS 2.0
10.0
EPSS
3.5%
CVE-2015-2739 CRITICAL Act Now

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Suse Linux Enterprise Software Development Kit Ubuntu Linux +6
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2015-2738 CRITICAL Act Now

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Linux Enterprise Desktop Linux Enterprise Server +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2737 CRITICAL Act Now

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Ubuntu Linux +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2736 CRITICAL Act Now

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Firefox Esr +6
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-2735 CRITICAL Act Now

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +6
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-2734 CRITICAL Act Now

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2733 CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Solaris Firefox Esr +2
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2015-2731 CRITICAL Act Now

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Thunderbird Solaris +1
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2015-2730 MEDIUM This Month

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit Debian Linux Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2729 MEDIUM This Month

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox Firefox Esr +2
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2728 HIGH This Week

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-2726 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Solaris +4
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2725 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2015-2724 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Solaris +8
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2015-2722 CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Solaris Firefox Firefox Esr +3
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-2721 MEDIUM POC This Month

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit Ubuntu Linux Debian Linux +5
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3900 Ruby MEDIUM PATCH This Month

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ruby Rubygems Solaris Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
2.4%
CVE-2015-4024 MEDIUM POC PATCH THREAT This Month

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Denial Of Service PHP Enterprise Linux Mac Os X System Management Homepage +8
NVD
CVSS 2.0
5.0
EPSS
75.5%
Threat
4.8
CVE-2015-3330 MEDIUM POC PATCH THREAT This Month

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 39.0%.

RCE PHP Denial Of Service Apache Linux +9
NVD
CVSS 2.0
6.8
EPSS
39.0%
Threat
4.0
CVE-2015-3329 HIGH POC PATCH THREAT Act Now

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.8%.

RCE PHP Buffer Overflow Mac Os X Enterprise Linux Desktop +8
NVD
CVSS 2.0
7.5
EPSS
28.8%
CVE-2015-3200 HIGH POC THREAT Act Now

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.0%.

Code Injection Lighttpd Virtual Customer Access System Solaris
NVD
CVSS 3.0
7.5
EPSS
20.0%
CVE-2015-2922 LOW POC Monitor

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Linux Kernel Fedora Solaris +2
NVD GitHub
CVSS 2.0
3.3
EPSS
1.7%
CVE-2015-3814 MEDIUM This Month

The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3812 HIGH PATCH This Week

Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Solaris Wireshark
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-3811 MEDIUM This Month

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Solaris Linux Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3988 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Horizon Solaris
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2015-3455 LOW Monitor

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Linux Solaris Squid Fedora
NVD
CVSS 2.0
2.6
EPSS
6.5%
CVE-2015-2716 HIGH This Week

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
7.5
EPSS
5.6%
CVE-2015-3646 PyPI MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keystone Solaris
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-3294 MEDIUM POC This Month

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Dnsmasq Solaris
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2015-3145 HIGH Act Now

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.7% and no vendor patch available.

Denial Of Service Buffer Overflow Fedora Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
7.5
EPSS
63.7%
CVE-2015-2578 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
7.1
EPSS
1.4%
CVE-2015-2577 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-2574 LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2015-2573 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris MySQL MariaDB +11
NVD
CVSS 2.0
4.0
EPSS
0.4%
EPSS 1% CVSS 1.7
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition,. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable.

Information Disclosure Oracle Leap +14
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Oracle Solaris
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rpcbind Ubuntu Linux +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Solaris Rubygems
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Linux +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Linux +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Linux Solaris +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark Solaris
NVD
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Django +2
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Django +2
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Debian Linux Horizon +1
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Solaris +1
NVD
EPSS 7% CVSS 9.3
CRITICAL Act Now

Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Solaris +3
NVD
EPSS 4% CVSS 6.8
MEDIUM This Month

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla Google +8
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Firefox +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +5
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Solaris +4
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +5
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +5
NVD
EPSS 8% CVSS 10.0
CRITICAL Act Now

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE +4
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +4
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Solaris +2
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +3
NVD
EPSS 0% CVSS 3.3
LOW POC Monitor

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Race Condition Mozilla Information Disclosure +4
NVD Exploit-DB
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +10
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google +14
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x-. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome +7
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 11% CVSS 5.0
MEDIUM This Month

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Denial Of Service Apache Http Server +5
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +11
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server :. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris +3
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server. Rated low severity (CVSS 1.9).

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver. Rated low severity (CVSS 3.8).

Information Disclosure Oracle Solaris
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +11
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +11
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +5
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +10
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. Rated low severity (CVSS 1.9).

Information Disclosure Oracle Solaris
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Code Injection Ubuntu Linux +3
NVD
EPSS 16% CVSS 7.8
HIGH PATCH Act Now

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8%.

Denial Of Service Python Django +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +5
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Solaris +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +9
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox +8
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux +9
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +9
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox +8
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox +8
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop +9
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +4
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit +6
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +6
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +6
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +8
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +10
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Solaris +5
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Suse Linux Enterprise Software Development Kit +7
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ruby Rubygems +2
NVD
EPSS 76% 4.8 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Denial Of Service PHP Enterprise Linux +10
NVD
EPSS 39% 4.0 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 39.0%.

RCE PHP Denial Of Service +11
NVD
EPSS 29% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.8%.

RCE PHP Buffer Overflow +10
NVD
EPSS 20% CVSS 7.5
HIGH POC THREAT Act Now

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.0%.

Code Injection Lighttpd Virtual Customer Access System +1
NVD
EPSS 2% CVSS 3.3
LOW POC Monitor

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Linux Kernel +4
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Solaris Wireshark
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Solaris +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Solaris Linux +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Horizon Solaris
NVD
EPSS 6% CVSS 2.6
LOW Monitor

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Linux Solaris +2
NVD
EPSS 6% CVSS 7.5
HIGH This Week

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE +8
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keystone Solaris
NVD
EPSS 0% CVSS 6.4
MEDIUM POC This Month

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Dnsmasq +1
NVD
EPSS 64% CVSS 7.5
HIGH Act Now

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.7% and no vendor patch available.

Denial Of Service Buffer Overflow Fedora +8
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris +13
NVD
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy