Vulnerabilities (CVE)

Total 16400 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6873 1 Facebook 1 Hhvm 2017-02-22 7.5 HIGH 9.8 CRITICAL
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVE-2016-7630 1 Apple 1 Iphone Os 2017-02-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.
CVE-2016-9369 1 Moxa 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more 2017-02-17 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution.
CVE-2016-9361 1 Moxa 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more 2017-02-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.
CVE-2016-9366 1 Moxa 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more 2017-02-17 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.
CVE-2016-5818 1 Schneider-electric 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware 2017-02-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.
CVE-2016-8378 1 Lynxspring 1 Jenesys Bas Bridge 2017-02-17 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials.
CVE-2016-9005 1 Ibm 1 System Storage Ts3100-ts3200 Tape Library 2017-02-17 7.5 HIGH 9.8 CRITICAL
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network to change a user's password and gain remote access to the system.
CVE-2015-8459 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk & Compiler and 6 more 2017-02-17 10.0 HIGH 10.0 CRITICAL
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645.
CVE-2017-5166 1 Binom3 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware 2017-02-16 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device.
CVE-2017-5162 1 Binom3 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware 2017-02-16 10.0 HIGH 9.8 CRITICAL
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.
CVE-2016-8954 1 Ibm 1 Dashdb Local 2017-02-15 7.5 HIGH 9.8 CRITICAL
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.
CVE-2016-8938 1 Ibm 1 Urbancode Deploy 2017-02-13 10.0 HIGH 10.0 CRITICAL
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
CVE-2016-6199 1 Gradle 1 Gradle 2017-02-13 7.5 HIGH 9.8 CRITICAL
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
CVE-2016-5964 1 Ibm 1 Security Privileged Identity Manager 2017-02-13 5.0 MEDIUM 9.8 CRITICAL
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2016-8325 1 Oracle 1 One-to-one Fulfillment 2017-02-11 6.4 MEDIUM 9.1 CRITICAL
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts).
CVE-2016-10098 1 Sendquick 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more 2017-02-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.
CVE-2016-9639 1 Saltstack 1 Salt 2017-02-09 7.5 HIGH 9.1 CRITICAL
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVE-2016-10150 1 Linux 1 Linux Kernel 2017-02-09 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.
CVE-2017-5879 1 Exponentcms 1 Exponent Cms 2017-02-08 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by unauthenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.