Skip to main content
CVE-2015-2901 MEDIUM This Month

Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 23.3% and no vendor patch available.

RCE Buffer Overflow Medcin Engine
NVD
CVSS 2.0
6.8
EPSS
23.3%
CVE-2015-2898 MEDIUM This Month

Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 23.3% and no vendor patch available.

RCE Buffer Overflow Medcin Engine
NVD
CVSS 2.0
6.8
EPSS
23.3%
CVE-2015-2900 MEDIUM This Month

The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.3% and no vendor patch available.

Denial Of Service Buffer Overflow Medcin Engine
NVD
CVSS 2.0
6.8
EPSS
18.3%
CVE-2015-5285 MEDIUM POC PATCH This Month

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Kallithea
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
5.3%
CVE-2015-2899 MEDIUM This Month

Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Medcin Engine
NVD
CVSS 2.0
6.8
EPSS
6.9%
CVE-2015-5292 MEDIUM This Month

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sssd
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2015-4997 MEDIUM PATCH This Month

IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM Privilege Escalation Websphere Portal
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-5669 MEDIUM This Month

Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Enisys Gw
NVD
CVSS 2.0
6.5
EPSS
1.3%
CVE-2015-7713 MEDIUM PATCH This Month

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nova
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-5955 MEDIUM This Month

ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Owncloud Client
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-5671 MEDIUM This Month

Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enisys Gw
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7859 MEDIUM This Month

The com_contenthistory component in Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7899 MEDIUM This Month

The com_content component in Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-5670 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Enisys Gw
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy