Skip to main content
CVE-2015-2590 CRITICAL KEV PATCH THREAT Act Now

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 63.0%.

Java Oracle Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
63.0%
Threat
5.3
CVE-2015-4732 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
9.1%
CVE-2015-4760 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
9.1%
CVE-2015-4733 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
9.1%
CVE-2015-2628 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
8.1%
CVE-2015-4731 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2015-2638 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
10.0
EPSS
6.8%
CVE-2015-5530 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Articlefr
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2015-4460 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF C2Box
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-4736 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
9.3
EPSS
5.6%
CVE-2015-5529 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Articlefr
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.1%
CVE-2015-5386 CRITICAL PATCH Act Now

Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Authentication Bypass Siemens Sicam Mic Firmware
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2015-3621 CRITICAL Act Now

Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Enterprise Central Component
NVD
CVSS 2.0
9.3
EPSS
0.4%
CVE-2015-5080 CRITICAL Act Now

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Citrix Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
9.0
EPSS
1.0%
CVE-2015-2629 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2015-4748 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD
CVSS 2.0
7.6
EPSS
7.3%
CVE-2015-1831 HIGH PATCH This Week

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Apache Struts
NVD
CVSS 2.0
7.5
EPSS
4.5%
CVE-2015-5528 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Floating Social Bar
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-0725 HIGH PATCH This Week

Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Videoscape Distribution Suite Service Broker Videoscape Distribution Suite For Internet Streaming
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2015-4745 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-2606 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-2605 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-2604 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-2603 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-2602 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-2636 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-4727 HIGH PATCH This Week

Unspecified vulnerability in Oracle Virtualization Sun Ray Software before 5.4.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization Sun Ray
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-2663 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Supply Chain Products Suite
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-2631 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
7.2
EPSS
0.5%
CVE-2015-2597 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3449 HIGH This Week

The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Microsoft Afaria
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2015-2593 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.1
EPSS
0.1%
CVE-2015-4782 MEDIUM PATCH This Month

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.9).

Information Disclosure Oracle Berkeley Db
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2015-4781 MEDIUM PATCH This Month

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.9).

Information Disclosure Oracle Berkeley Db
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2015-4778 MEDIUM PATCH This Month

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.9).

Information Disclosure Oracle Berkeley Db
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2015-4777 MEDIUM PATCH This Month

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.9).

Information Disclosure Oracle Berkeley Db
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2015-2664 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2015-4759 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-4758 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-4747 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-2635 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-2634 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-0446 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-0445 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-0443 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-0444 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-4790 MEDIUM PATCH This Month

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.9).

Information Disclosure Oracle Berkeley Db
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-4789 MEDIUM PATCH This Month

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.9).

Information Disclosure Oracle Berkeley Db
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-4787 MEDIUM PATCH This Month

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.9).

Information Disclosure Oracle Berkeley Db
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-4786 MEDIUM PATCH This Month

Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.9).

Information Disclosure Oracle Berkeley Db
NVD
CVSS 2.0
6.9
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy