Skip to main content
CVE-2015-2342 CRITICAL POC PATCH THREAT Act Now

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

RCE VMware Vcenter Server
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
92.0%
Threat
6.3
CVE-2015-5646 HIGH PATCH This Week

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Garoon
NVD
CVSS 2.0
8.5
EPSS
0.7%
CVE-2015-5647 HIGH This Week

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Code Injection Garoon
NVD
CVSS 2.0
8.5
EPSS
0.7%
CVE-2015-1304 HIGH This Week

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2015-1303 HIGH This Week

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2015-4548 HIGH This Week

EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Web Threat Detection
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-6318 MEDIUM This Month

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. Rated medium severity (CVSS 6.9). No vendor patch available.

Cisco Information Disclosure Telepresence Video Communication Server Software
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-4325 MEDIUM This Month

The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process. Rated medium severity (CVSS 6.9). No vendor patch available.

Cisco Privilege Escalation Telepresence Video Communication Server Software
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-6322 MEDIUM This Month

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2015-6329 MEDIUM This Month

SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Collaboration Provisioning
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-6331 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Collaboration Assurance
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-6263 MEDIUM This Month

The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2015-1047 MEDIUM PATCH This Month

vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Vcenter Server
NVD
CVSS 2.0
5.0
EPSS
2.9%
CVE-2015-4265 MEDIUM This Month

Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Ucs B Series Blade Server Software
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4547 MEDIUM This Month

EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Web Threat Detection
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-5443 MEDIUM This Month

HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure 3Par Service Processor Sp
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy