Skip to main content
CVE-2015-7986 HIGH POC THREAT Act Now

The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 27.3%.

Denial Of Service RCE SAP Buffer Overflow Hana
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
27.3%
CVE-2015-5188 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF File Upload Red Hat Jboss Enterprise Application Platform Jboss Wildfly Application Server
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-5220 MEDIUM PATCH This Month

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Red Hat Buffer Overflow Jboss Enterprise Application Platform Jboss Wildfly Application Server
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-5665 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts,. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP Ec Cube
NVD
CVSS 2.0
5.1
EPSS
0.1%
CVE-2015-6340 MEDIUM This Month

The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Asr 5000 Software
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-5262 MEDIUM PATCH This Month

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Java Apache Ubuntu Linux Fedora +1
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2015-5178 MEDIUM This Month

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Jboss Wildfly Application Server Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3996 MEDIUM This Month

The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Afnetworking
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-5240 LOW PATCH Monitor

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Race Condition Authentication Bypass Neutron
NVD VulDB
CVSS 2.0
3.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy