Skip to main content
CVE-2015-2284 CRITICAL POC PATCH THREAT Act Now

userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.9%.

RCE Privilege Escalation Firewall Security Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
79.9%
Threat
5.9
CVE-2015-0252 MEDIUM POC THREAT This Month

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.2%.

Denial Of Service Apache Debian Linux Fedora Xerces C
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
25.2%
CVE-2015-2265 HIGH POC PATCH This Week

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Ubuntu Linux Cups Filters
NVD
CVSS 2.0
7.5
EPSS
5.8%
CVE-2015-2153 MEDIUM POC THREAT This Month

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Denial Of Service Buffer Overflow Tcpdump
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.3%
CVE-2015-0250 MEDIUM POC PATCH This Month

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE Apache Ubuntu Linux Batik +1
NVD
CVSS 2.0
6.4
EPSS
1.5%
CVE-2015-0198 CRITICAL PATCH Act Now

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass General Parallel File System
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2155 HIGH PATCH This Week

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Debian Linux Fedora Opensuse +2
NVD
CVSS 2.0
7.5
EPSS
4.5%
CVE-2015-0818 HIGH This Week

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google Firefox Firefox Esr +2
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-0261 HIGH This Week

Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Tcpdump
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2015-1388 HIGH This Week

The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Aruba Arubaos
NVD
CVSS 2.0
7.2
EPSS
0.6%
CVE-2015-0197 HIGH PATCH This Week

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

IBM Privilege Escalation General Parallel File System
NVD
CVSS 2.0
7.2
EPSS
0.3%
CVE-2015-0817 MEDIUM This Month

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Seamonkey
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2015-2154 MEDIUM This Month

The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Tcpdump
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2015-0282 MEDIUM This Month

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-0199 MEDIUM PATCH This Month

The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

IBM Denial Of Service Buffer Overflow General Parallel File System
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2015-0158 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0105 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0106 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Application Server Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0137 MEDIUM This Month

IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Powervc
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-0103 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0527 LOW Monitor

EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Documentum Xcelerated Management System
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-0136 LOW Monitor

powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Powervc
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy