Latest CVE Feed
CVE-2015-8125 (7.5 HIGH)
Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...
- Affected Products: symfony
- EPSS Score: 1.01%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-8124 (6.8 MEDIUM)
Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a session id....
- Affected Products: symfony
- EPSS Score: 0.25%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-8084 (7.1 HIGH)
Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface, allow remote attackers to cause ...
- EPSS Score: 0.36%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-7348 (4.3 MEDIUM)
Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to demo/en/asyncData/getNodesForBigData.php....
- Affected Products: ztree
- EPSS Score: 0.30%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-5309 (4.3 MEDIUM)
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which tr...
- EPSS Score: 1.74%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-5006 (2.1 LOW)
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerber...
- EPSS Score: 0.07%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-4334 (5.0 MEDIUM)
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easi...
- EPSS Score: 0.58%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-3628 (9.0 HIGH)
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11....
- Affected Products: big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_edge_gateway, +8 more products
- EPSS Score: 76.24%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-3276 (7.5 HIGH)
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impa...
- EPSS Score: 1.76%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-1344 (7.2 HIGH)
The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file....
- EPSS Score: 0.04%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-1342 (4.6 MEDIUM)
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup....
- EPSS Score: 0.06%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-5302 (5.0 MEDIUM)
libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) ...
- Affected Products: libreport
- EPSS Score: 0.61%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-5287 (6.9 MEDIUM)
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump o...
- EPSS Score: 12.90%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-5273 (3.6 LOW)
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /va...
- EPSS Score: 0.33%
- Published: Dec. 07, 2015
- Modified: Apr. 12, 2025
CVE-2015-3196 (4.3 MEDIUM)
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race ...
- EPSS Score: 5.68%
- Published: Dec. 06, 2015
- Modified: Apr. 12, 2025
CVE-2015-3195 (5.3 MEDIUM)
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain ...
- EPSS Score: 2.22%
- Published: Dec. 06, 2015
- Modified: Apr. 12, 2025
CVE-2015-3194 (7.5 HIGH)
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parame...
- EPSS Score: 64.37%
- Published: Dec. 06, 2015
- Modified: Apr. 12, 2025
CVE-2015-3193 (7.5 HIGH)
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote...
- EPSS Score: 23.41%
- Published: Dec. 06, 2015
- Modified: Apr. 12, 2025
CVE-2015-1794 (5.0 MEDIUM)
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message....
- Affected Products: openssl
- EPSS Score: 3.13%
- Published: Dec. 06, 2015
- Modified: Apr. 12, 2025
CVE-2015-8480 (10.0 HIGH)
The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-...
- Affected Products: chrome
- EPSS Score: 0.79%
- Published: Dec. 06, 2015
- Modified: Apr. 12, 2025