Latest CVE Feed
- 4.3 MEDIUM CVE-2015-4029
Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.
- EPSS Score: 1.30%
- Published: Aug. 18, 2015
- Modified: Apr. 12, 2025
- 6.0 MEDIUM CVE-2015-6254
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 do not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote...
- Affected Products: picketlink
- EPSS Score: 0.70%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 6.0 MEDIUM CVE-2015-0277
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE:...
- Affected Products: picketlink
- EPSS Score: 0.64%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
- Affected Products: elasticsearch
- EPSS Score: 84.22%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-9743
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
- Affected Products: vlc_media_player
- EPSS Score: 0.26%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2015-5784
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
- EPSS Score: 28.24%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2015-5783
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.
- EPSS Score: 0.83%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2015-5782
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
- EPSS Score: 0.65%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2015-5781
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
- EPSS Score: 0.65%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-5779
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-378...
- EPSS Score: 2.68%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-5778
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015...
- EPSS Score: 1.87%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-5777
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015...
- EPSS Score: 1.87%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-5776
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
- EPSS Score: 3.02%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-5775
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and...
- EPSS Score: 1.99%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2015-5774
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
- EPSS Score: 0.09%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-5773
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
- EPSS Score: 2.51%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-5772
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.
- EPSS Score: 2.53%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-5771
Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file.
- EPSS Score: 2.02%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 5.8 MEDIUM CVE-2015-5770
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
- Affected Products: iphone_os
- EPSS Score: 0.36%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025
- 7.1 HIGH CVE-2015-5769
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
- Affected Products: iphone_os
- EPSS Score: 0.83%
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025