Latest CVE Feed
-
6.8
MEDIUM CVE-2015-3939
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials f...
- EPSS Score: 0.38%
- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGH CVE-2015-3292
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
Affected Products: oncommand_workflow_automation
- EPSS Score: 28.03%
- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-2949
Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected Products: zenphoto
- EPSS Score: 0.32%
- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-2948
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected Products: zenphoto
- EPSS Score: 0.31%
- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.9
MEDIUM CVE-2015-1010
Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack.
Affected Products: rsview32
- EPSS Score: 0.01%
- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-4138
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attacke...
Affected Products: ssl_visibility_appliance_sv2800_firmware, ssl_visibility_appliance_sv1800_firmware, ssl_visibility_appliance_sv3800_firmware, ssl_visibility_appliance_sv800_firmware, ssl_visibility_appliance_sv2800, ssl_visibility_appliance_sv1800, ssl_visibility_appliance_sv3800, ssl_visibility_appliance_sv800
- EPSS Score: 0.82%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-2855
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to cap...
Affected Products: ssl_visibility_appliance_sv2800_firmware, ssl_visibility_appliance_sv1800_firmware, ssl_visibility_appliance_sv3800_firmware, ssl_visibility_appliance_sv800_firmware, ssl_visibility_appliance_sv2800, ssl_visibility_appliance_sv1800, ssl_visibility_appliance_sv3800, ssl_visibility_appliance_sv800
- EPSS Score: 1.33%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-2854
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors...
Affected Products: ssl_visibility_appliance_sv2800_firmware, ssl_visibility_appliance_sv1800_firmware, ssl_visibility_appliance_sv3800_firmware, ssl_visibility_appliance_sv800_firmware, ssl_visibility_appliance_sv2800, ssl_visibility_appliance_sv1800, ssl_visibility_appliance_sv3800, ssl_visibility_appliance_sv800
- EPSS Score: 1.29%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2015-2853
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID.
Affected Products: ssl_visibility_appliance_sv2800_firmware, ssl_visibility_appliance_sv1800_firmware, ssl_visibility_appliance_sv3800_firmware, ssl_visibility_appliance_sv800_firmware, ssl_visibility_appliance_sv2800, ssl_visibility_appliance_sv1800, ssl_visibility_appliance_sv3800, ssl_visibility_appliance_sv800
- EPSS Score: 0.59%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-2852
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.
Affected Products: ssl_visibility_appliance_sv2800_firmware, ssl_visibility_appliance_sv1800_firmware, ssl_visibility_appliance_sv3800_firmware, ssl_visibility_appliance_sv800_firmware, ssl_visibility_appliance_sv2800, ssl_visibility_appliance_sv1800, ssl_visibility_appliance_sv3800, ssl_visibility_appliance_sv800
- EPSS Score: 0.17%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2015-2851
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
- EPSS Score: 0.11%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGH CVE-2015-1937
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obt...
Affected Products: powervc
- EPSS Score: 0.77%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
3.5
LOW CVE-2015-0193
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject a...
- EPSS Score: 0.20%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
3.7
LOW CVE-2015-0121
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirem...
- EPSS Score: 0.19%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUM CVE-2015-0758
The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (X...
Affected Products: unified_meetingplace
- EPSS Score: 0.25%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-0747
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.
Affected Products: headend_digital_broadband_delivery_system, headend_system_release, videoscape_conductor
- EPSS Score: 0.22%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2015-0745
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.
- EPSS Score: 0.24%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
7.8
HIGH CVE-2015-0744
Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CS...
Affected Products: headend_digital_broadband_delivery_system, headend_system_release, dta_control_system
- EPSS Score: 0.85%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2015-0743
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.
- EPSS Score: 0.46%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2015-0733
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS...
Affected Products: headend_digital_broadband_delivery_system
- EPSS Score: 0.27%
- Published: May. 30, 2015
- Modified: Apr. 12, 2025