Skip to main content
CVE-2015-2023 HIGH POC This Week

Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Buffer Overflow Microsoft I Access
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-7407 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Mashups Center
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-7429 HIGH This Week

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure VMware Spectrum Protect For Virtual Environments Spectrum Protect Snapshot
NVD
CVSS 3.0
8.5
EPSS
0.3%
CVE-2015-7430 HIGH This Week

The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Hadoop
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2015-5018 HIGH This Week

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Security Access Manager 9 0 Firmware Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware
NVD
CVSS 3.0
8.0
EPSS
1.3%
CVE-2015-7400 HIGH This Week

The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service XXE Mashups Center
NVD
CVSS 3.0
7.7
EPSS
0.8%
CVE-2015-8027 HIGH This Week

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2015-7442 HIGH This Week

consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Privilege Escalation Installation Manager Packaging Utility
NVD
CVSS 3.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy