Skip to main content
CVE-2015-2946 MEDIUM This Month

Stack-based buffer overflow in the Open CAD Format Council SXF common library before 3.30 allows remote attackers to execute arbitrary code via a crafted CAD file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Sxf Common Library
NVD
CVSS 2.0
6.8
EPSS
3.7%
CVE-2015-0140 MEDIUM PATCH This Month

An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM RCE Spss Statistics
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-4774 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Endpoint Manager Family License Metric Tool
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-1894 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Optim Workload Replay
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0161 MEDIUM This Month

SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Security Siteprotector System
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-0540 MEDIUM This Month

SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Document Sciences Xpression
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-1921 MEDIUM This Month

Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Websphere Portal
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2015-2694 MEDIUM PATCH This Month

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Kerberos 5
NVD GitHub
CVSS 2.0
5.8
EPSS
0.9%
CVE-2015-0171 MEDIUM This Month

Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Security Siteprotector System
NVD
CVSS 2.0
5.5
EPSS
0.7%
CVE-2015-0180 MEDIUM PATCH This Month

The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Infosphere Information Server
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2014-8927 MEDIUM PATCH This Month

Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Endpoint Manager Family License Metric Tool Tivoli Asset Discovery For Distributed
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8926 MEDIUM PATCH This Month

Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Endpoint Manager Family License Metric Tool Tivoli Asset Discovery For Distributed
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-1909 MEDIUM PATCH This Month

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure Infosphere Master Data Management Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1895 MEDIUM PATCH This Month

IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Optim Workload Replay
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-6190 MEDIUM PATCH This Month

The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Workload Deployer
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-0962 MEDIUM This Month

Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Barracuda Information Disclosure Web Filter
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-0961 MEDIUM This Month

Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Barracuda Information Disclosure Web Filter
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-1915 MEDIUM PATCH This Month

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Endpoint Manager Family
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1911 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Sterling Field Sales Sterling Order Management Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4778 MEDIUM This Month

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Endpoint Manager Family License Metric Tool
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2118 MEDIUM PATCH This Month

Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Access Control
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0169 MEDIUM This Month

IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection Security Siteprotector System
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy