Skip to main content
CVE-2014-6593 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.8%.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
71.8%
Threat
4.5
CVE-2015-0554 CRITICAL POC THREAT Emergency

The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.6%.

Denial Of Service Privilege Escalation P Dga4001N Firmware
NVD Exploit-DB
CVSS 2.0
9.4
EPSS
38.6%
Threat
4.5
CVE-2014-9598 MEDIUM POC THREAT This Month

The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.6%.

RCE Denial Of Service Vlc Media Player
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
18.6%
CVE-2014-6601 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
10.0
EPSS
15.9%
CVE-2015-0395 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.3%.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +5
NVD
CVSS 2.0
9.3
EPSS
19.3%
CVE-2015-0514 MEDIUM POC THREAT This Month

EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

Information Disclosure Watch4Net Vipr Srm
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
18.3%
CVE-2014-9597 MEDIUM POC This Month

The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Denial Of Service Vlc Media Player
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
8.5%
CVE-2014-6577 MEDIUM POC PATCH This Month

Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE SSRF Oracle Database Server
NVD
CVSS 2.0
6.8
EPSS
7.8%
CVE-2015-0516 MEDIUM POC THREAT This Month

Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.4%.

Path Traversal Vipr Srm Watch4Net
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
21.4%
CVE-2015-0408 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +6
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2015-1028 LOW POC THREAT Monitor

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 21.1%.

XSS D-Link Dsl 2730B Firmware
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
21.1%
CVE-2014-9226 HIGH POC This Week

The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.3%
CVE-2014-9622 MEDIUM POC This Month

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection RCE Xdg Utils
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-7289 MEDIUM POC This Month

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.9%
CVE-2015-1038 MEDIUM POC This Month

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Fedora Solaris P7Zip
NVD
CVSS 2.0
5.8
EPSS
3.2%
CVE-2014-6567 CRITICAL PATCH Act Now

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Oracle Database Server
NVD
CVSS 2.0
9.0
EPSS
7.0%
CVE-2014-6549 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-9225 MEDIUM POC THREAT This Month

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Information Disclosure Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
10.1%
CVE-2014-6598 HIGH PATCH Act Now

Unspecified vulnerability in the Oracle Communications Diameter Signaling Router component in Oracle Communications Applications 3.x, 4.x, and 5.0 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 10.0%.

Information Disclosure Oracle Communications Applications
NVD
CVSS 2.0
7.6
EPSS
10.0%
CVE-2015-0437 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
9.3
EPSS
1.0%
CVE-2015-0411 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Ubuntu Linux Debian Linux Fedora +5
NVD
CVSS 2.0
7.5
EPSS
9.6%
CVE-2014-3440 CRITICAL Act Now

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Symantec Critical System Protection Data Center Security
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2014-4259 CRITICAL PATCH Act Now

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Oracle And Sun Systems Product Suite
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2015-1191 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pigz
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-1192 MEDIUM POC This Month

Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kgb
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1193 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pax
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-1196 MEDIUM POC PATCH This Month

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Opensuse Solaris Patch
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-0553 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Websitebaker
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-1194 MEDIUM POC This Month

pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Pax
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1204 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Slimstat
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1032 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Kiwix
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9224 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
4.0%
CVE-2014-8478 HIGH This Week

The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Siemens Scalance X 300 Series Firmware Scalance X 408 Firmware
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-0396 HIGH PATCH This Week

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-6565 HIGH PATCH This Week

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-0424 HIGH PATCH This Week

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Integrated Lights Out Manager Firmware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-0412 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
7.2
EPSS
1.7%
CVE-2015-0382 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management Solaris MySQL +14
NVD
CVSS 2.0
4.3
EPSS
15.2%
CVE-2015-0406 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
5.8
EPSS
7.2%
CVE-2014-6524 HIGH PATCH This Week

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-6521 HIGH PATCH This Week

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-6510 HIGH PATCH This Week

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2015-0390 MEDIUM PATCH This Month

Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Retail Applications Xstore
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-0403 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Suse Linux Enterprise Desktop Jdk +1
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0421 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-6571 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-8479 MEDIUM This Month

The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Scalance X 408 Firmware Scalance X 300 Series Firmware
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-0435 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Supply Chain Products Suite
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-0515 MEDIUM This Month

Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Watch4Net Vipr Srm
NVD
CVSS 2.0
6.5
EPSS
1.2%
CVE-2015-1195 MEDIUM PATCH This Month

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Image Registry And Delivery Service Glance
NVD
CVSS 2.0
6.5
EPSS
1.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy