Skip to main content
CVE-2015-2426 HIGH POC KEV PATCH THREAT Act Now

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Buffer Overflow Microsoft RCE
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
91.8%
Threat
7.5
CVE-2015-2863 MEDIUM POC THREAT This Month

Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 49.0%.

Open Redirect Virtual System Administrator
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
49.0%
CVE-2015-5124 CRITICAL Act Now

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 2.0
10.0
EPSS
11.4%
CVE-2015-3183 MEDIUM PATCH This Month

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.3%.

Information Disclosure Apache Http Server Apache HTTP Server
NVD GitHub
CVSS 2.0
5.0
EPSS
28.3%
CVE-2015-1935 HIGH PATCH This Week

The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE Denial Of Service Microsoft Db2
NVD
CVSS 2.0
8.0
EPSS
4.2%
CVE-2015-2862 MEDIUM POC This Month

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Virtual System Administrator
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
2.8%
CVE-2014-9196 HIGH This Week

Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Proview
NVD
CVSS 2.0
7.6
EPSS
2.2%
CVE-2015-4279 HIGH This Week

The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Unified Computing System
NVD
CVSS 2.0
7.2
EPSS
0.3%
CVE-2015-2418 MEDIUM PATCH This Month

Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability.". Rated medium severity (CVSS 6.9).

Race Condition Information Disclosure Microsoft Malicious Software Removal Tool
NVD
CVSS 2.0
6.9
EPSS
1.1%
CVE-2015-0253 MEDIUM This Month

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Denial Of Service Apache Http Server Mac Os X Mac Os X Server +3
NVD GitHub
CVSS 2.0
5.0
EPSS
10.6%
CVE-2015-0157 MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2015-4111 MEDIUM This Month

mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Blackberry Link
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2015-3185 MEDIUM This Month

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Ubuntu Linux Http Server Xcode +3
NVD GitHub
CVSS 2.0
4.3
EPSS
9.5%
CVE-2015-1883 MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-8910 MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-1982 MEDIUM PATCH This Month

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Master Data Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-1984 MEDIUM PATCH This Month

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Master Data Management
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-1922 LOW PATCH Monitor

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Microsoft IBM Authentication Bypass Db2
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0130 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Rational Doors Next Generation Rational Team Concert Rational Collaborative Lifecycle Management +2
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1979 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Case Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1968 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Infosphere Master Data Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1980 LOW PATCH Monitor

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Infosphere Master Data Management
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy