Skip to main content
CVE-2015-6607 MEDIUM CISA This Month

SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Sqlite
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-9751 MEDIUM PATCH This Month

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Ntp Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 2.0
6.8
EPSS
4.8%
CVE-2015-5644 MEDIUM This Month

The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Code Injection Matchasns
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-5643 MEDIUM This Month

The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Code Injection Matchasns
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-9750 MEDIUM PATCH This Month

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Ntp Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 2.0
5.8
EPSS
4.4%
CVE-2015-5645 MEDIUM This Month

ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Matchasns
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-5640 MEDIUM PATCH This Month

baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Basercms
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-5642 MEDIUM This Month

Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Matchasns
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-5641 MEDIUM This Month

SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Basercms
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4967 MEDIUM PATCH This Month

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-3847 MEDIUM This Month

Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 2.0
6.4
EPSS
0.1%
CVE-2015-4964 MEDIUM PATCH This Month

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM Privilege Escalation Urbancode Deploy
NVD
CVSS 2.0
6.0
EPSS
1.8%
CVE-2015-5650 MEDIUM This Month

Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ajaxplorer
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7718 MEDIUM This Month

mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-3862 MEDIUM This Month

mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-6605 MEDIUM This Month

mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-3878 MEDIUM This Month

Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2015-7314 MEDIUM PATCH This Month

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gollum
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-4973 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS B2B Advanced Communications
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-4939 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Emptoris Program Management Emptoris Supplier Lifecycle Management Emptoris Strategic Supply Management
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-5022 MEDIUM PATCH This Month

IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure B2B Advanced Communications
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-5024 MEDIUM PATCH This Month

IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Emptoris Sourcing
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-4965 MEDIUM This Month

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy