Skip to main content
CVE-2015-3224 MEDIUM POC PATCH THREAT This Month

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 85.3%.

Authentication Bypass Web Console
NVD GitHub Exploit-DB
CVSS 2.0
4.3
EPSS
85.3%
Threat
4.9
CVE-2015-1840 MEDIUM POC PATCH This Month

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Information Disclosure Fedora Jquery Rails Jquery Ujs +1
NVD GitHub
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3225 MEDIUM PATCH This Month

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3%.

Denial Of Service Rack Opensuse Debian Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
13.3%
CVE-2015-1872 MEDIUM This Month

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2015-2848 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Honeywell Tuxedo Touch
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3227 MEDIUM PATCH This Month

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Opensuse Rails
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2015-2847 MEDIUM This Month

Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Honeywell Authentication Bypass Tuxedo Touch
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2975 MEDIUM PATCH This Month

Research Artisan Lite before 1.18 does not ensure that a user has authenticated, which allows remote attackers to perform unspecified actions via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Research Artisan Lite
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-4945 MEDIUM PATCH This Month

Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Google Information Disclosure Maximo Anywhere
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3226 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rails Ruby On Rails
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy