Skip to main content
CVE-2015-7706 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secure Data Space
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-6566 HIGH This Week

zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zarafa Collaboration Platform Fedora
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2015-6980 HIGH This Week

Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8231 HIGH This Week

Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace 7950 Espace 7910
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8230 HIGH This Week

Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace 8950
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8331 HIGH This Week

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Huawei Vcn500
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2015-8333 HIGH This Week

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Vcn500
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2015-7024 MEDIUM This Month

Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2015-8335 MEDIUM This Month

Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Vcn500
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-7399 MEDIUM This Month

IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy