Skip to main content
CVE-2014-6593 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.8%.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
71.8%
Threat
4.5
CVE-2014-9598 MEDIUM POC THREAT This Month

The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.6%.

RCE Denial Of Service Vlc Media Player
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
18.6%
CVE-2015-0514 MEDIUM POC THREAT This Month

EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

Information Disclosure Watch4Net Vipr Srm
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
18.3%
CVE-2014-9597 MEDIUM POC This Month

The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Denial Of Service Vlc Media Player
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
8.5%
CVE-2014-6577 MEDIUM POC PATCH This Month

Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE SSRF Oracle Database Server
NVD
CVSS 2.0
6.8
EPSS
7.8%
CVE-2015-0516 MEDIUM POC THREAT This Month

Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.4%.

Path Traversal Vipr Srm Watch4Net
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
21.4%
CVE-2014-9622 MEDIUM POC This Month

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection RCE Xdg Utils
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-7289 MEDIUM POC This Month

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.9%
CVE-2015-1038 MEDIUM POC This Month

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Fedora Solaris P7Zip
NVD
CVSS 2.0
5.8
EPSS
3.2%
CVE-2014-9225 MEDIUM POC THREAT This Month

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Information Disclosure Symantec Critical System Protection Data Center Security
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
10.1%
CVE-2015-1191 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pigz
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-1192 MEDIUM POC This Month

Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kgb
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1193 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pax
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-1196 MEDIUM POC PATCH This Month

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Opensuse Solaris Patch
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-0553 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Websitebaker
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-1194 MEDIUM POC This Month

pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Pax
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1204 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Slimstat
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1032 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Kiwix
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0382 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management Solaris MySQL +14
NVD
CVSS 2.0
4.3
EPSS
15.2%
CVE-2015-0406 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
5.8
EPSS
7.2%
CVE-2015-0390 MEDIUM PATCH This Month

Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Retail Applications Xstore
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-0403 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Suse Linux Enterprise Desktop Jdk +1
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0421 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-6571 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-8479 MEDIUM This Month

The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Scalance X 408 Firmware Scalance X 300 Series Firmware
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-0435 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Supply Chain Products Suite
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-0515 MEDIUM This Month

Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Watch4Net Vipr Srm
NVD
CVSS 2.0
6.5
EPSS
1.2%
CVE-2015-1195 MEDIUM PATCH This Month

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Image Registry And Delivery Service Glance
NVD
CVSS 2.0
6.5
EPSS
1.1%
CVE-2014-6518 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
6.6
EPSS
0.0%
CVE-2015-0373 MEDIUM PATCH This Month

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Database Server
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-6578 MEDIUM PATCH This Month

Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Database Server
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6480 MEDIUM PATCH This Month

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Oracle And Sun Systems Product Suite
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6583 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle E Business Suite
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-6581 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle E Business Suite
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-6572 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle E Business Suite
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-9620 MEDIUM This Month

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File
NVD GitHub
CVSS 2.0
5.0
EPSS
7.2%
CVE-2015-0393 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

RCE Oracle E Business Suite
NVD
CVSS 2.0
6.0
EPSS
1.8%
CVE-2014-6541 MEDIUM PATCH This Month

Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable.

Oracle Information Disclosure Microsoft Database Server
NVD
CVSS 2.0
6.3
EPSS
0.2%
CVE-2015-0410 MEDIUM PATCH This Month

Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +7
NVD
CVSS 2.0
5.0
EPSS
6.4%
CVE-2014-6586 MEDIUM This Month

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Peoplesoft Products
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-6576 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2015-0407 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +4
NVD
CVSS 2.0
5.0
EPSS
2.2%
CVE-2014-8152 MEDIUM PATCH This Month

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Java Apache Santuario Xml Security For Java
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2015-0383 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via. Rated medium severity (CVSS 5.4).

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +8
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2015-0381 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris MySQL Ubuntu Linux +14
NVD
CVSS 2.0
4.3
EPSS
5.0%
CVE-2015-0400 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Ubuntu Linux Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-0366 MEDIUM PATCH This Month

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Siebel Crm
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2015-0375 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-9621 MEDIUM This Month

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File
NVD GitHub
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-0368 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Supply Chain Products Suite
NVD
CVSS 2.0
5.0
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy