Skip to main content
CVE-2015-4185 MEDIUM This Month

The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID. Rated medium severity (CVSS 6.9). No vendor patch available.

Apple Privilege Escalation Cisco iOS
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-2954 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3993 MEDIUM This Month

Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Matrix
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-2952 MEDIUM This Month

The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-2958 MEDIUM This Month

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2015-2340 MEDIUM PATCH This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2339 MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2338 MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2337 MEDIUM This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

RCE VMware Microsoft Fusion Player +3
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-2336 MEDIUM PATCH This Month

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

RCE VMware Microsoft Fusion Player +3
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-4184 MEDIUM This Month

The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-3951 MEDIUM This Month

RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nova Wind Turbine Hmi Firmware
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-2953 MEDIUM This Month

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-0343 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-0344 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-2957 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy