Skip to main content
CVE-2015-5600 HIGH POC THREAT Act Now

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 73.6%.

Denial Of Service SSH Privilege Escalation
NVD VulDB
CVSS 3.1
8.1
EPSS
73.6%
Threat
5.3
CVE-2015-4932 CRITICAL PATCH Act Now

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.3%.

IBM RCE Buffer Overflow Tivoli Storage Manager Fastback
NVD
CVSS 2.0
10.0
EPSS
23.3%
CVE-2015-4931 CRITICAL PATCH Act Now

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.3%.

IBM RCE Buffer Overflow Tivoli Storage Manager Fastback
NVD
CVSS 2.0
10.0
EPSS
23.3%
CVE-2015-4935 CRITICAL PATCH Act Now

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.1%.

IBM RCE Buffer Overflow Tivoli Storage Manager Fastback
NVD
CVSS 2.0
10.0
EPSS
23.1%
CVE-2015-4934 CRITICAL PATCH Act Now

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.1%.

IBM RCE Buffer Overflow Tivoli Storage Manager Fastback
NVD
CVSS 2.0
10.0
EPSS
23.1%
CVE-2015-4933 CRITICAL PATCH Act Now

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.1%.

IBM RCE Buffer Overflow Tivoli Storage Manager Fastback
NVD
CVSS 2.0
10.0
EPSS
23.1%
CVE-2015-5623 MEDIUM PATCH This Month

WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.4%.

WordPress PHP Authentication Bypass Debian Linux
NVD
CVSS 2.0
4.0
EPSS
48.4%
CVE-2015-3440 MEDIUM POC PATCH THREAT This Month

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.4%.

XSS WordPress PHP Debian Linux
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.4%
CVE-2015-1987 HIGH This Week

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Mq Light
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2015-1958 HIGH This Week

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Mq Light
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2015-1956 HIGH This Week

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Mq Light
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2015-1955 HIGH This Week

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Mq Light
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2015-5352 MEDIUM This Month

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SSH Privilege Escalation Openssh
NVD
CVSS 2.0
4.3
EPSS
5.4%
CVE-2015-4936 MEDIUM PATCH This Month

Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Websphere Extreme Scale
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-5537 MEDIUM PATCH This Month

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Siemens Information Disclosure Oracle Ruggedcom Rox Ii Firmware Ruggedcom Rugged Operating System
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5622 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS WordPress PHP Debian Linux
NVD
CVSS 2.0
3.5
EPSS
1.0%
CVE-2015-5084 LOW PATCH Monitor

The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Siemens Simatic Wincc Sm Rtclient Simatic Wincc Sm Rtclient Lite
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1970 LOW PATCH Monitor

The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy