Search for vulnerabilities
Vulnerability details: VCID-uk6y-7hfb-33aa
Vulnerability ID VCID-uk6y-7hfb-33aa
Aliases CVE-2015-7940
GHSA-4mv7-cq75-3qjm
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-310 Cryptographic Issues
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-358 Improperly Implemented Security Check for Standard
System Score Found at
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-2035.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-2036.html
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2015-7940
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4mv7-cq75-3qjm
generic_textual MODERATE https://github.com/advisories/GHSA-4mv7-cq75-3qjm
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2015-7940
generic_textual MODERATE https://usn.ubuntu.com/3727-1
generic_textual MODERATE https://www.oracle.com/security-alerts/cpuapr2020.html
generic_textual MODERATE https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
generic_textual MODERATE http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
generic_textual MODERATE http://www.debian.org/security/2015/dsa-3417
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2015/10/22/7
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2015/10/22/9
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual MODERATE http://www.securityfocus.com/bid/79091
generic_textual MODERATE http://www.securitytracker.com/id/1037036
generic_textual MODERATE http://www.securitytracker.com/id/1037046
generic_textual MODERATE http://www.securitytracker.com/id/1037053
Reference id Reference type URL
http://git.bouncycastle.org/repositories/bc-java/commit/5cb2f0578e6ec8f0d67e59d05d8c4704d8e05f83
http://git.bouncycastle.org/repositories/bc-java/commit/e25e94a046a6934819133886439984e2fecb2b04
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
http://rhn.redhat.com/errata/RHSA-2016-2035.html
http://rhn.redhat.com/errata/RHSA-2016-2036.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json
https://api.first.org/data/v1/epss?cve=CVE-2015-7940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940
https://github.com/advisories/GHSA-4mv7-cq75-3qjm
https://nvd.nist.gov/vuln/detail/CVE-2015-7940
https://usn.ubuntu.com/3727-1
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
http://www.debian.org/security/2015/dsa-3417
http://www.openwall.com/lists/oss-security/2015/10/22/7
http://www.openwall.com/lists/oss-security/2015/10/22/9
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/79091
http://www.securitytracker.com/id/1037036
http://www.securitytracker.com/id/1037046
http://www.securitytracker.com/id/1037053
1276272 https://bugzilla.redhat.com/show_bug.cgi?id=1276272
802671 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671
RHSA-2016:2035 https://access.redhat.com/errata/RHSA-2016:2035
RHSA-2016:2036 https://access.redhat.com/errata/RHSA-2016:2036
USN-3727-1 https://usn.ubuntu.com/3727-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.77356
EPSS Score 0.01124
Published At July 31, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T07:58:41.039909+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 37.0.0