Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8269 | 1 Fisher-price | 1 Smart Toy Bear | 2016-02-24 | 6.5 MEDIUM | 7.5 HIGH |
| The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number. | |||||
| CVE-2016-1151 | 1 Cybozu | 1 Office | 2016-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-8483 | 1 Cybozu | 1 Office | 2016-02-22 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2016-0958 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-02-18 | 7.8 HIGH | 7.5 HIGH |
| Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. | |||||
| CVE-2015-7678 | 1 Ipswitch | 1 Moveit Mobile | 2016-02-18 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2016-0865 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2016-02-18 | 9.0 HIGH | 8.8 HIGH |
| Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
| CVE-2016-1139 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 6.8 MEDIUM | 7.5 HIGH |
| Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2016-1137 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2015-7909 | 1 Hospira | 2 Communication Engine, Lifecare Pca Infusion System | 2016-02-09 | 7.5 HIGH | 7.3 HIGH |
| Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000. | |||||
| CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2016-02-01 | 7.2 HIGH | 7.8 HIGH |
| An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | |||||
| CVE-2015-6925 | 1 Wolfssl | 1 Wolfssl | 2016-01-25 | 5.0 MEDIUM | 7.5 HIGH |
| wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. | |||||
| CVE-2015-8616 | 1 Php | 1 Php | 2016-01-22 | 7.5 HIGH | 8.6 HIGH |
| Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. | |||||
| CVE-2015-6527 | 1 Php | 1 Php | 2016-01-22 | 7.5 HIGH | 7.3 HIGH |
| The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function. | |||||
| CVE-2015-4988 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-01-22 | 7.8 HIGH | 8.6 HIGH |
| Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-0852 | 1 Advantech | 1 Webaccess | 2016-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. | |||||
| CVE-2016-0853 | 1 Advantech | 1 Webaccess | 2016-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. | |||||
| CVE-2015-7470 | 1 Ibm | 1 Jazz Reporting Service | 2016-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information. | |||||
| CVE-2015-8280 | 1 Samsung | 1 Web Viewer | 2016-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. | |||||
| CVE-2016-0851 | 1 Advantech | 1 Webaccess | 2016-01-20 | 7.8 HIGH | 7.5 HIGH |
| Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. | |||||
| CVE-2015-8281 | 1 Samsung | 1 Web Viewer | 2016-01-20 | 7.8 HIGH | 7.5 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. | |||||
| CVE-2015-8279 | 1 Samsung | 1 Web Viewer | 2016-01-20 | 5.0 MEDIUM | 8.6 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | |||||
| CVE-2015-6467 | 1 Advantech | 1 Webaccess | 2016-01-20 | 9.3 HIGH | 8.1 HIGH |
| Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. | |||||
| CVE-2015-8400 | 2 Fedoraproject, Shellinabox Project | 2 Fedora, Shellinabox | 2016-01-20 | 4.3 MEDIUM | 7.4 HIGH |
| The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | |||||
| CVE-2015-8306 | 1 Huawei | 2 P8, P8 Firmware | 2016-01-20 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) or execute arbitrary code via an unspecified parameter. | |||||
| CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2016-01-18 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-3946 | 1 Advantech | 1 Webaccess | 2016-01-18 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-7393 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 17 more | 2016-01-14 | 6.9 MEDIUM | 7.4 HIGH |
| dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors. | |||||
| CVE-2015-8597 | 1 Bluecoat | 2 Advanced Secure Gateway, Proxysg | 2016-01-13 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." | |||||
| CVE-2015-7754 | 1 Juniper | 1 Screenos | 2016-01-13 | 9.3 HIGH | 8.1 HIGH |
| Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | |||||
| CVE-2015-6566 | 2 Fedoraproject, Zarafa | 2 Fedora, Zarafa Collaboration Platform | 2016-01-13 | 7.2 HIGH | 8.4 HIGH |
| zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | |||||
| CVE-2015-8333 | 1 Huawei | 1 Vcn500 | 2016-01-12 | 5.5 MEDIUM | 7.1 HIGH |
| The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. | |||||
| CVE-2015-8231 | 1 Huawei | 2 Espace 7910, Espace 7950 | 2016-01-12 | 7.8 HIGH | 7.5 HIGH |
| Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. | |||||
| CVE-2015-8230 | 1 Huawei | 1 Espace 8950 | 2016-01-12 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets. | |||||
| CVE-2015-8754 | 1 Acquia | 1 Mollom | 2016-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. | |||||
| CVE-2015-7465 | 1 Ibm | 1 Jazz Reporting Service | 2016-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-6980 | 1 Apple | 1 Mac Os X | 2016-01-12 | 7.2 HIGH | 7.8 HIGH |
| Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-8331 | 1 Huawei | 1 Vcn500 | 2016-01-11 | 5.8 MEDIUM | 7.4 HIGH |
| The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID. | |||||
| CVE-2016-1131 | 1 Dx Library Project | 1 Dx Library | 2016-01-08 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Library before 3.16 allows remote attackers to execute arbitrary code via a crafted string. | |||||
| CVE-2015-7430 | 1 Apache | 1 Hadoop | 2016-01-07 | 4.6 MEDIUM | 8.4 HIGH |
| The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors. | |||||
| CVE-2015-2912 | 1 Orientdb | 1 Orientdb | 2015-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request. | |||||
| CVE-2015-2895 | 1 Idera | 1 Uptime Infrastructure Monitor | 2015-12-31 | 7.5 HIGH | 7.3 HIGH |
| Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input. | |||||
| CVE-2015-2875 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2015-12-31 | 7.8 HIGH | 7.5 HIGH |
| Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. | |||||
| CVE-2014-3260 | 1 Pacom | 2 1000 Ccu Gms, Rtu Gms | 2015-12-31 | 6.8 MEDIUM | 7.5 HIGH |
| Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography. | |||||
| CVE-2015-5990 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N+ Router F9k1102, N600 Db Wi-fi Dual-band N+ Router F9k1102 Firmware | 2015-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-5987 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N+ Router F9k1102, N600 Db Wi-fi Dual-band N+ Router F9k1102 Firmware | 2015-12-31 | 5.0 MEDIUM | 8.6 HIGH |
| Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | |||||
| CVE-2015-2876 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2015-12-31 | 8.3 HIGH | 8.8 HIGH |
| Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. | |||||
| CVE-2015-7788 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2015-12-30 | 5.8 MEDIUM | 7.3 HIGH |
| ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2015-7907 | 1 Honeywell | 2 Midas Black Firmware, Midas Firmware | 2015-12-22 | 6.4 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | |||||
| CVE-2015-6481 | 1 Moxa | 1 Oncell Central Manager | 2015-12-22 | 7.5 HIGH | 8.3 HIGH |
| The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session. | |||||
| CVE-2015-6480 | 1 Moxa | 1 Oncell Central Manager | 2015-12-21 | 7.5 HIGH | 8.3 HIGH |
| The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | |||||
