Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.1% and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.6% and no vendor patch available.
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.1% and no vendor patch available.
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows remote attackers to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.9).
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver. Rated medium severity (CVSS 6.8).
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable.
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Epss exploitation probability 10.6%.
Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.
The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.
The Mt. Rated medium severity (CVSS 5.4). No vendor patch available.
The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.
The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.
The Archie Comics (aka com.iversecomics.archie.android) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.
The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.
The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.
The mitfahrgelegenheit.at (aka com.carpooling.android.at) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.
The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.
The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.