Skip to main content
CVE-2015-2908 CRITICAL Act Now

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE C4 Obd Ii Dongle Firmware
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-2907 CRITICAL Act Now

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure C4 Obd Ii Dongle Firmware
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-2906 CRITICAL Act Now

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers'. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure C4 Obd Ii Dongle Firmware
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-2904 HIGH This Week

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ncs01 Firmware
NVD
CVSS 2.0
8.3
EPSS
0.3%
CVE-2015-1992 HIGH This Week

IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Systems Director
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-2905 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Ncs01 Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-2873 MEDIUM PATCH This Month

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro Information Disclosure Deep Discovery Inspector
NVD
CVSS 2.0
5.5
EPSS
2.5%
CVE-2015-2014 MEDIUM PATCH This Month

Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

IBM XSS Open Redirect Domino
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-2872 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Trend Micro Deep Discovery Inspector
NVD
CVSS 2.0
4.3
EPSS
2.6%
CVE-2015-2015 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Domino
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-4950 MEDIUM PATCH This Month

The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2;. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Tivoli Storage Fastback For Microsoft Exchange Tivoli Storage Flashcopy Manager For Microsoft Exchange Server +1
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-2018 LOW PATCH Monitor

IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-4949 LOW PATCH Monitor

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Tivoli Storage Flashcopy Manager Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-6557 LOW PATCH Monitor

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail:. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Tivoli Storage Flashcopy Manager Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server +1
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy