Skip to main content
CVE-2015-5014 CRITICAL PATCH Act Now

IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

IBM Information Disclosure Cognos Disclosure Management
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2015-7699 CRITICAL Act Now

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Owncloud Server
NVD GitHub
CVSS 2.0
9.0
EPSS
1.8%
CVE-2015-5289 MEDIUM This Month

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow PostgreSQL Debian Linux Ubuntu Linux
NVD
CVSS 2.0
6.4
EPSS
10.0%
CVE-2015-5288 MEDIUM This Month

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure PostgreSQL
NVD
CVSS 2.0
6.4
EPSS
8.9%
CVE-2015-6500 HIGH This Week

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service PHP Owncloud Server
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-7673 MEDIUM PATCH This Month

io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Opensuse Gdk Pixbuf
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-4974 HIGH PATCH This Week

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection General Parallel File System Spectrum Scale
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-7674 MEDIUM PATCH This Month

Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Gdk Pixbuf +1
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2015-3280 MEDIUM PATCH This Month

OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Nova
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-5286 MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Image Registry And Delivery Service Glance
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-8242 MEDIUM PATCH This Month

librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Librsync
NVD GitHub
CVSS 2.0
5.8
EPSS
2.3%
CVE-2015-5251 MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Image Registry And Delivery Service Glance
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2015-5223 MEDIUM PATCH This Month

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Swift
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-7298 MEDIUM This Month

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Owncloud Desktop Client Qt
NVD
CVSS 2.0
5.1
EPSS
0.2%
CVE-2015-3255 MEDIUM This Month

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Polkit
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-4625 MEDIUM This Month

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fedora Opensuse Polkit
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3256 MEDIUM This Month

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Polkit Opensuse
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-6670 MEDIUM This Month

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-7881 LOW PATCH Monitor

The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Authentication Bypass Colorbox
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-5011 LOW PATCH Monitor

IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Websphere Message Broker Integration Bus
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2015-4456 LOW Monitor

ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Owncloud Desktop Client
NVD GitHub
CVSS 2.0
2.6
EPSS
0.2%
CVE-2015-3218 LOW Monitor

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Polkit
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-5448 LOW PATCH Monitor

HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

HP Information Disclosure Asset Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-4981 LOW PATCH Monitor

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure General Parallel File System Spectrum Scale
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy