Skip to main content
CVE-2015-0537 CRITICAL Act Now

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow Bsafe Bsafe Crypto C +1
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2015-4533 CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
3.3%
CVE-2015-4534 CRITICAL Act Now

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
2.3%
CVE-2015-4532 CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
2.2%
CVE-2015-4531 CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
0.3%
CVE-2015-3219 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Debian Linux Horizon Solaris
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-6529 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phpipam
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6530 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Secure Mft 2013 Secure Mft 2014
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6528 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Coppermine Photo Gallery
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0536 HIGH This Week

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bsafe Bsafe Ssl C
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2015-0534 HIGH This Week

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Bsafe Ssl C Bsafe Ssl J
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2015-4535 HIGH This Week

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Java Documentum Content Server
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-0535 HIGH This Week

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Bsafe Ssl C
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2015-0533 HIGH This Week

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Bsafe Ssl C
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2015-4327 HIGH This Week

The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Video Communication Server Software
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-0542 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Rsa Archer Egrc
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4530 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Documentum Administrator Documentum Digital Asset Manager Documentum Taskspace Documentum Web Publisher +1
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4303 MEDIUM This Month

Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Telepresence Video Communication Server Software
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-4329 MEDIUM This Month

The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Video Communication Server Software
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2015-4319 MEDIUM This Month

The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Telepresence Video Communication Server Software
NVD
CVSS 2.0
5.5
EPSS
0.6%
CVE-2015-4316 MEDIUM This Month

The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration,. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Video Communication Server Software
NVD
CVSS 2.0
5.5
EPSS
0.5%
CVE-2015-4315 MEDIUM This Month

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Video Communication Server Software
NVD
CVSS 2.0
5.5
EPSS
0.5%
CVE-2015-4317 MEDIUM This Month

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Video Communication Server Software
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-4318 MEDIUM This Month

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Video Communication Server Software
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-4321 MEDIUM This Month

The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-4328 MEDIUM This Month

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Video Communication Server Software
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-4320 MEDIUM This Month

The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Video Communication Server Software
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-4314 MEDIUM This Month

The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Video Communication Server Software
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-4536 LOW Monitor

EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Documentum Content Server
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy