Skip to main content
CVE-2014-8385 CRITICAL Act Now

Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Eki 1200 Gateway Series Firmware
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2014-6154 HIGH PATCH This Week

Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Microsoft Optim Performance Manager
NVD
CVSS 2.0
7.8
EPSS
0.3%
CVE-2015-0255 MEDIUM PATCH This Month

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure X Server Opensuse
NVD
CVSS 2.0
6.4
EPSS
6.4%
CVE-2015-0593 HIGH This Week

The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2014-6185 HIGH PATCH This Week

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

IBM Privilege Escalation Tivoli Storage Manager
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-4813 MEDIUM PATCH This Month

Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1,. Rated medium severity (CVSS 6.9).

IBM Race Condition Information Disclosure Tivoli Storage Manager
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-0151 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Ovirt Engine
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0154 MEDIUM PATCH This Month

oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ovirt
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4781 MEDIUM PATCH This Month

The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Biginsights
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2027 MEDIUM PATCH This Month

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Opensuse Jython
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-8122 MEDIUM PATCH This Month

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Jboss Weld
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-0873 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Perltreebbs
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7853 MEDIUM This Month

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-7849 MEDIUM This Month

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-6139 MEDIUM PATCH This Month

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-4771 LOW PATCH Monitor

IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Denial Of Service Websphere Mq
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-7827 LOW Monitor

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-8909 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Websphere Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4803 LOW Monitor

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-0245 LOW Monitor

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Denial Of Service Dbus Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy