Vulnerabilities (CVE)

Total 16395 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3065 1 Postgresql 1 Postgresql 2016-04-14 8.5 HIGH 9.1 CRITICAL
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.
CVE-2016-3154 1 Spip 1 Spip 2016-04-14 7.5 HIGH 9.8 CRITICAL
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
CVE-2016-3153 2 Debian, Spip 2 Debian Linux, Spip 2016-04-14 7.5 HIGH 9.8 CRITICAL
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
CVE-2016-2343 1 Patterson Dental 1 Eaglesoft 2016-04-04 10.0 HIGH 9.8 CRITICAL
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.
CVE-2016-2245 1 Hp 1 Support Assistant 2016-03-22 10.0 HIGH 9.8 CRITICAL
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2016-0804 1 Google 1 Android 2016-03-14 10.0 HIGH 9.8 CRITICAL
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
CVE-2015-7261 1 Qnap 2 Iartist Lite, Signage Station 2016-03-11 7.5 HIGH 9.8 CRITICAL
The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.
CVE-2016-2275 1 Advantech 4 Vesp211-232, Vesp211-232 Firmware, Vesp211-eu and 1 more 2016-03-10 10.0 HIGH 9.8 CRITICAL
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.
CVE-2016-2231 1 Huawei 2 Mt882, Mt882 Firmware 2016-03-10 9.0 HIGH 9.8 CRITICAL
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701.
CVE-2016-0803 1 Google 1 Android 2016-03-10 10.0 HIGH 9.8 CRITICAL
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
CVE-2015-7923 1 Westermo 1 Weos 2016-03-07 9.3 HIGH 9.0 CRITICAL
Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.
CVE-2015-8286 1 Zhuhai 1 Raysharp Firmware 2016-03-07 10.0 HIGH 9.8 CRITICAL
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.
CVE-2015-8772 1 Mcafee 1 File Lock 2016-03-04 8.5 HIGH 9.1 CRITICAL
McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call.
CVE-2016-0212 1 Ibm 1 Tivoli Storage Manager Fastback 2016-03-03 10.0 HIGH 9.8 CRITICAL
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216.
CVE-2016-0213 1 Ibm 1 Tivoli Storage Manager Fastback 2016-03-03 10.0 HIGH 9.8 CRITICAL
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.
CVE-2016-0216 1 Ibm 1 Tivoli Storage Manager Fastback 2016-03-03 10.0 HIGH 9.8 CRITICAL
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.
CVE-2016-1154 1 Cuore 1 Ec-cube Help Plugin 2016-03-02 7.5 HIGH 9.1 CRITICAL
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-2230 1 Openelec 1 Openelec 2016-02-25 10.0 HIGH 9.8 CRITICAL
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.
CVE-2016-1896 1 Lexmark 28 C4150, C6160, Cs720de and 25 more 2016-02-01 10.0 HIGH 9.8 CRITICAL
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
CVE-2015-6412 1 Cisco 2 Modular Encoding Platform D9036, Modular Encoding Platform D9036 Software 2016-01-25 10.0 HIGH 9.8 CRITICAL
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.