Skip to main content
CVE-2015-0255 MEDIUM PATCH This Month

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure X Server Opensuse
NVD
CVSS 2.0
6.4
EPSS
6.4%
CVE-2014-4813 MEDIUM PATCH This Month

Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1,. Rated medium severity (CVSS 6.9).

IBM Race Condition Information Disclosure Tivoli Storage Manager
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-0151 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Ovirt Engine
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0154 MEDIUM PATCH This Month

oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ovirt
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4781 MEDIUM PATCH This Month

The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Biginsights
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2027 MEDIUM PATCH This Month

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Opensuse Jython
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-8122 MEDIUM PATCH This Month

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Jboss Weld
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-0873 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Perltreebbs
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7853 MEDIUM This Month

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-7849 MEDIUM This Month

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-6139 MEDIUM PATCH This Month

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy