Skip to main content
CVE-2015-0132 HIGH PATCH This Week

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Rational Requirements Composer Rational Doors Next Generation
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-2149 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Mybb
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-2296 MEDIUM PATCH This Month

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Mageia Requests Ubuntu Linux
NVD GitHub
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-1075 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Safari +1
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-1082 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-1080 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Safari +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-1078 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-1077 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Iphone Os +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-1069 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Itunes +4
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-1068 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Tvos +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-1083 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-1081 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Tvos +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-1079 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Tvos +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1076 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Iphone Os +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1071 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Safari +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1074 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Tvos +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1073 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1072 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1070 MEDIUM This Month

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-2334 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Mybb
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-6129 MEDIUM PATCH This Month

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Rational Quality Manager Rational Requirements Composer Rational Doors Next Generation +2
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2015-0149 MEDIUM PATCH This Month

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Api Management
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2015-1084 MEDIUM This Month

The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Safari
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0667 MEDIUM This Month

The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Content Services Switch 11500 Firmware
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2335 MEDIUM PATCH This Month

A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mybb
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8169 MEDIUM This Month

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-0896 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Extplorer
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2333 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mybb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2332 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Mybb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0178 MEDIUM This Month

The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Java Liberty
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0664 MEDIUM This Month

The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-6131 MEDIUM PATCH This Month

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Doors Next Generation Rational Requirements Composer Rational Collaborative Lifecycle Management +2
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0124 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Rational Quality Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0128 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Rational Quality Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0125 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Rational Requirements Composer Rational Doors Next Generation
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0146 LOW PATCH Monitor

IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Privilege Escalation Content Collector
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-2152 LOW PATCH Monitor

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access. Rated low severity (CVSS 1.9).

Privilege Escalation Xen Fedora
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy