Vulnerabilities (CVE)

Total 13957 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1896 1 Lexmark 28 C4150, C6160, Cs720de and 25 more 2016-02-01 10.0 HIGH 9.8 CRITICAL
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
CVE-2015-6412 1 Cisco 2 Modular Encoding Platform D9036, Modular Encoding Platform D9036 Software 2016-01-25 10.0 HIGH 9.8 CRITICAL
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.
CVE-2015-7939 1 Unitronics 1 Visilogic Oplc Ide 2016-01-18 9.3 HIGH 9.6 CRITICAL
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.
CVE-2015-7938 1 Advantech 4 Eki-1321, Eki-1321 Series Firmware, Eki-1322 and 1 more 2016-01-18 10.0 HIGH 9.8 CRITICAL
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.
CVE-2015-7541 1 Colorscore Project 1 Colorscore 2016-01-18 10.0 HIGH 10.0 CRITICAL
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
CVE-2015-8098 1 F5 1 Big-ip Access Policy Manager 2016-01-15 10.0 HIGH 9.8 CRITICAL
F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an "Out-of-bounds memory vulnerability."
CVE-2015-8611 1 F5 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more 2016-01-14 10.0 HIGH 9.8 CRITICAL
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.
CVE-2015-8761 1 Values Project 1 Values 2016-01-12 6.0 MEDIUM 9.0 CRITICAL
The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import.
CVE-2015-7426 1 Ibm 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot 2016-01-07 10.0 HIGH 10.0 CRITICAL
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2015-5995 2 Mediabridge, Tenda 3 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware, N3 Wireless N150 2015-12-31 10.0 HIGH 9.8 CRITICAL
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
CVE-2015-2874 2 Lacie, Seagate 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more 2015-12-31 10.0 HIGH 9.8 CRITICAL
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2015-5988 1 Belkin 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware 2015-12-31 9.3 HIGH 9.8 CRITICAL
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2015-5989 1 Belkin 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware 2015-12-31 10.0 HIGH 9.8 CRITICAL
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
CVE-2015-6538 1 Ephiphanyheathdata 1 Cardio Server 2015-12-28 7.5 HIGH 9.8 CRITICAL
The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.
CVE-2015-6537 1 Epiphanyhealthdata 1 Cardio Server 2015-12-28 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.
CVE-2015-7911 1 Saia Burgess Controls 28 Pcd1.m0xx0, Pcd1.m0xx0 Firmware, Pcd1.m2xx0 and 25 more 2015-12-23 10.0 HIGH 9.1 CRITICAL
Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2015-7919 1 Searchblox 1 Searchblox 2015-12-21 6.4 MEDIUM 10.0 CRITICAL
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.