Skip to main content
CVE-2015-1486 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.

Authentication Bypass Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.5%
Threat
5.4
CVE-2015-1489 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 60.8%.

Privilege Escalation Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
8.5
EPSS
60.8%
Threat
5.0
CVE-2015-1487 MEDIUM POC THREAT This Month

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.2%.

Information Disclosure Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
51.2%
Threat
4.1
CVE-2015-1492 HIGH This Week

Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 2.0
8.5
EPSS
0.8%
CVE-2015-4291 HIGH This Week

Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-5618 HIGH This Week

Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bf 630 Bf 630W
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-2871 HIGH This Week

Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bf 660C
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-4289 MEDIUM This Month

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2015-1491 MEDIUM This Month

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

SQLi Endpoint Protection Manager
NVD
CVSS 2.0
6.0
EPSS
1.0%
CVE-2015-2890 MEDIUM This Month

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Bios
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2015-1490 MEDIUM This Month

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
CVSS 2.0
5.5
EPSS
2.3%
CVE-2015-2870 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Bf 630 Bf 630W Bf 660C
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-4292 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Central For Hosted Collaboration Solution Assurance
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4294 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager Im And Presence Service
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1488 MEDIUM This Month

An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-4295 MEDIUM This Month

The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-1904 LOW PATCH Monitor

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-1009 LOW Monitor

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Web Studio Intouch
NVD
CVSS 2.0
1.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy