Latest CVE Feed
-
4.3
MEDIUMCVE-2015-2976
Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis.... Read more
Affected Products : research_artisan_lite- EPSS Score: %0.32
- Published: Jul. 25, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2973
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-a... Read more
- EPSS Score: %0.44
- Published: Jul. 24, 2015
- Modified: Apr. 12, 2025
-
7.1
HIGHCVE-2015-0681
The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and... Read more
- EPSS Score: %0.56
- Published: Jul. 24, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-4262
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a cra... Read more
Affected Products : unified_meetingplace_web_conferencing- EPSS Score: %0.37
- Published: Jul. 24, 2015
- Modified: Apr. 12, 2025
-
9.0
HIGHCVE-2015-4235
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem,... Read more
- EPSS Score: %0.52
- Published: Jul. 24, 2015
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-4527
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.... Read more
- EPSS Score: %0.57
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-4285
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote atta... Read more
Affected Products : ios_xr- EPSS Score: %0.47
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-5605
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an erro... Read more
- EPSS Score: %1.48
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1289
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more
- EPSS Score: %1.47
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified oth... Read more
- EPSS Score: %0.85
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1287
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Ori... Read more
- EPSS Score: %0.86
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1286
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by lev... Read more
- EPSS Score: %0.69
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-1285
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive... Read more
- EPSS Score: %1.11
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1284
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid c... Read more
- EPSS Score: %1.22
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified... Read more
Affected Products : ubuntu_linux debian_linux leap chrome python opensuse solaris linux_enterprise_server linux_enterprise_desktop linux_enterprise_software_development_kit +3 more products- EPSS Score: %0.71
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1282
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF documen... Read more
- EPSS Score: %2.03
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1281
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an... Read more
- EPSS Score: %0.98
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1280
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted ... Read more
- EPSS Score: %2.17
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1279
Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified ... Read more
- EPSS Score: %1.65
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1278
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document... Read more
- EPSS Score: %1.09
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025