Skip to main content
CVE-2015-1782 MEDIUM This Month

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Debian Linux Libssh2 Fedora
NVD
CVSS 2.0
6.8
EPSS
4.1%
CVE-2015-2264 MEDIUM This Month

Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Analytics Monitor Library
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-6214 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Websphere Portal
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0340 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Adobe Microsoft Flash Player
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-2091 MEDIUM This Month

The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mod Gnutls
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-0337 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Privilege Escalation Microsoft Flash Player
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-0133 MEDIUM PATCH This Month

IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE Websphere Commerce
NVD
CVSS 2.0
5.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy