Latest CVE Feed
-
4.3
MEDIUMCVE-2015-1278
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document... Read more
- EPSS Score: %1.09
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1277
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessib... Read more
- EPSS Score: %2.31
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-1276
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by l... Read more
- EPSS Score: %2.78
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1275
Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a traili... Read more
- EPSS Score: %0.36
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1274
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files ... Read more
- EPSS Score: %2.81
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1273
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF documen... Read more
- EPSS Score: %2.70
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1272
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost... Read more
- EPSS Score: %2.13
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1271
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafte... Read more
- EPSS Score: %2.87
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-1270
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial... Read more
- EPSS Score: %1.16
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-4284
The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.... Read more
- EPSS Score: %0.54
- Published: Jul. 22, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-4281
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146.... Read more
Affected Products : webex_meetings_server- EPSS Score: %0.13
- Published: Jul. 22, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2014-0611
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : groupwise- EPSS Score: %2.42
- Published: Jul. 22, 2015
- Modified: Apr. 12, 2025
-
1.3
LOWCVE-2015-5464
The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition.... Read more
- EPSS Score: %0.06
- Published: Jul. 22, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-4652
epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to th... Read more
- EPSS Score: %0.42
- Published: Jul. 22, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-4651
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote att... Read more
- EPSS Score: %0.43
- Published: Jul. 22, 2015
- Modified: Apr. 12, 2025
-
8.3
HIGHCVE-2015-5611
Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or mo... Read more
Affected Products : uconnect- EPSS Score: %9.57
- Published: Jul. 21, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-4554
Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; ... Read more
- EPSS Score: %1.50
- Published: Jul. 21, 2015
- Modified: Apr. 12, 2025
-
6.0
MEDIUMCVE-2015-2134
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.... Read more
Affected Products : system_management_homepage- EPSS Score: %0.08
- Published: Jul. 21, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2015-1906
Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to injec... Read more
Affected Products : business_process_manager- EPSS Score: %0.23
- Published: Jul. 21, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-1905
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-varia... Read more
Affected Products : business_process_manager- EPSS Score: %0.15
- Published: Jul. 21, 2015
- Modified: Apr. 12, 2025