Skip to main content
CVE-2014-0227 MEDIUM PATCH This Month

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 78.2%.

Tomcat Denial Of Service Java Apache
NVD
CVSS 2.0
6.4
EPSS
78.2%
CVE-2015-1500 MEDIUM PATCH This Month

Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 42.6%.

RCE Buffer Overflow Server And Application Monitor
NVD
CVSS 2.0
6.8
EPSS
42.6%
CVE-2015-1501 MEDIUM This Month

The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.9% and no vendor patch available.

RCE Code Injection Server And Application Monitor
NVD
CVSS 2.0
6.8
EPSS
20.9%
CVE-2015-1434 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi My Little Forum
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6137 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

IBM XSS Tivoli Endpoint Manager
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.2%
CVE-2015-1435 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP My Little Forum
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-1436 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Easing Slider
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0260 MEDIUM POC PATCH This Month

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Kallithea Rhodecode Enterprise
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-1495 MEDIUM PATCH This Month

Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Buffer Overflow Motorola Scanner Sdk
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2015-0268 MEDIUM This Month

The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-6113 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Endpoint Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1608 MEDIUM This Month

Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Opportunity Form
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2015-1613 MEDIUM PATCH This Month

RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Rhodecode Enterprise
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy