Latest CVE Feed
-
4.3
MEDIUMCVE-2015-6384
The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442.... Read more
Affected Products : webex_meetings- EPSS Score: %0.24
- Published: Dec. 05, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8078
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerabil... Read more
- EPSS Score: %0.81
- Published: Dec. 03, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8077
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability... Read more
- EPSS Score: %3.43
- Published: Dec. 03, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8076
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, ... Read more
- EPSS Score: %2.63
- Published: Dec. 03, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.... Read more
- EPSS Score: %0.36
- Published: Dec. 03, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-s... Read more
- EPSS Score: %3.99
- Published: Dec. 03, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-0859
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary co... Read more
Affected Products : debian_linux- EPSS Score: %1.32
- Published: Dec. 03, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-6390
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.... Read more
Affected Products : unity_connection- EPSS Score: %0.40
- Published: Dec. 03, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGHCVE-2015-6383
Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.... Read more
- EPSS Score: %0.09
- Published: Dec. 03, 2015
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2015-8024
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory ... Read more
Affected Products : mcafee_enterprise_security_manager- EPSS Score: %1.45
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8395
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, ... Read more
- EPSS Score: %3.88
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-8394
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaS... Read more
- EPSS Score: %3.91
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8393
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.... Read more
- EPSS Score: %0.36
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8392
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demons... Read more
- EPSS Score: %7.86
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demo... Read more
- EPSS Score: %10.02
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-8390
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated b... Read more
- EPSS Score: %4.42
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-8389
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a ... Read more
- EPSS Score: %1.71
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8388
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a cra... Read more
- EPSS Score: %7.46
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8387
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by ... Read more
- EPSS Score: %2.30
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-8386
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expressio... Read more
- EPSS Score: %7.32
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025