Skip to main content
CVE-2015-1903 CRITICAL PATCH Act Now

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.0%.

IBM RCE Buffer Overflow Domino
NVD
CVSS 2.0
10.0
EPSS
34.0%
CVE-2015-1902 CRITICAL PATCH Act Now

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.0%.

IBM RCE Buffer Overflow Domino
NVD
CVSS 2.0
10.0
EPSS
34.0%
CVE-2015-1920 CRITICAL PATCH Act Now

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.4%.

IBM RCE Authentication Bypass Websphere Application Server
NVD
CVSS 2.0
10.0
EPSS
18.4%
CVE-2015-1265 HIGH POC This Week

Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
9.9%
CVE-2012-1665 HIGH POC This Week

Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Oscmax
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.9%
CVE-2012-4902 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Template Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-3141 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Xeams
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-6691 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP SQLi Oscmax
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4901 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Template Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.8%
CVE-2015-3990 CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Dell Uma Em5000 Firmware Analyzer +1
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2012-1664 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Oscmax
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2015-1257 HIGH This Week

platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-1256 HIGH This Week

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-1258 HIGH This Week

Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-1262 HIGH This Week

platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2015-1260 HIGH This Week

Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-1259 HIGH This Week

PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2015-1252 HIGH This Week

common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Debian Linux
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2015-1251 MEDIUM This Month

Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Google Chrome Debian Linux
NVD
CVSS 2.0
6.8
EPSS
4.5%
CVE-2015-1253 HIGH This Week

core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-3910 HIGH This Week

Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google V8 Chrome
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-1188 HIGH This Week

The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Centro Grande Firmware
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-1255 MEDIUM This Month

Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Debian Linux
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2015-0740 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Intelligence Center
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-8924 MEDIUM PATCH This Month

The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE License Metric Tool Tivoli Asset Discovery For Distributed
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-1254 MEDIUM This Month

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2015-4016 MEDIUM PATCH This Month

The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Steam Client
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-1261 MEDIUM This Month

android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Java Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1263 MEDIUM This Month

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Chrome Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1264 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Chrome Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-3243 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Adobe Seogento
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0189 MEDIUM PATCH This Month

The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Websphere Mq
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-4776 LOW PATCH Monitor

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure License Metric Tool
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2015-3999 LOW Monitor

Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ccleaner
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6211 LOW PATCH Monitor

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy