Skip to main content
CVE-2015-6306 HIGH POC PATCH This Week

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
3.5%
CVE-2015-6305 HIGH POC This Week

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Microsoft Anyconnect Secure Mobility Client
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
2.0%
CVE-2015-6282 HIGH This Week

Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-6468 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Data Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4542 MEDIUM This Month

EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rsa Archer Grc
NVD
CVSS 2.0
6.5
EPSS
0.1%
CVE-2015-6470 MEDIUM This Month

Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Manager
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2015-6454 MEDIUM This Month

Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service (incorrect pointer dereference and daemon crash) via a crafted packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Peakhmi
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-6474 MEDIUM This Month

IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Danfoss Tlx Pro Servemaster Tlp
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-6469 MEDIUM This Month

The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Danfoss Tlx Pro Servemaster Tlp
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-6302 MEDIUM This Month

The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Wireless Lan Controller Software
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-6475 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Danfoss Tlx Pro Servemaster Tlp
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-4539 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Identity Management And Governance
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4543 MEDIUM This Month

EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rsa Archer Grc
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-4541 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Archer Grc
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-4540 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Identity Management And Governance
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy