Vulnerabilities (CVE)

Total 17151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7280 1 Readynet Solutions 2 Wrt300n-dd, Wrt300n-dd Firmware 2016-11-28 10.0 HIGH 9.8 CRITICAL
The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2015-7277 1 Ampedwireless 2 R10000, R10000 Firmware 2016-11-28 9.3 HIGH 9.8 CRITICAL
The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2015-5721 1 Misp-project 1 Malware Information Sharing Platform 2016-11-28 7.5 HIGH 9.8 CRITICAL
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
CVE-2015-5719 1 Misp-project 1 Malware Information Sharing Platform 2016-11-28 10.0 HIGH 9.8 CRITICAL
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
CVE-2014-9906 2 Dbd-mysql Project, Debian 2 Dbd-mysql, Debian Linux 2016-11-28 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
CVE-2014-9902 1 Google 1 Android 2016-11-28 10.0 HIGH 9.8 CRITICAL
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
CVE-2014-5415 1 Beckhoff 2 Embedded Pc Images, Twincat 2016-11-28 9.4 HIGH 9.1 CRITICAL
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
CVE-2014-5414 1 Beckhoff 2 Embedded Pc Images, Twincat 2016-11-28 9.4 HIGH 9.1 CRITICAL
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2016-8869 1 Joomla 1 Joomla\! 2016-11-07 7.5 HIGH 9.8 CRITICAL
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
CVE-2015-1000000 1 Mailcwp Project 1 Mailcwp 2016-10-27 5.0 MEDIUM 9.8 CRITICAL
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
CVE-2015-1000009 1 Google-adsense-and-hotel-booking Project 1 Google-adsense-and-hotel-booking 2016-10-27 6.4 MEDIUM 9.1 CRITICAL
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
CVE-2016-8276 1 Huawei 4 Usg2100, Usg2200, Usg5100 and 1 more 2016-10-04 9.3 HIGH 9.8 CRITICAL
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.
CVE-2016-0883 1 Pivotal Software 1 Operations Manager 2016-10-03 5.0 MEDIUM 9.8 CRITICAL
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.
CVE-2016-0897 1 Pivotal Software 1 Operations Manager 2016-10-03 7.5 HIGH 9.8 CRITICAL
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.
CVE-2016-4972 1 Openstack 4 Mitaka-murano, Murano, Murano-dashboard and 1 more 2016-09-28 7.5 HIGH 9.8 CRITICAL
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.
CVE-2016-6137 1 Sap 1 Trex 2016-09-28 10.0 HIGH 9.8 CRITICAL
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
CVE-2016-4564 1 Imagemagick 1 Imagemagick 2016-09-23 7.5 HIGH 9.8 CRITICAL
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2016-6825 1 Huawei 12 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 9 more 2016-09-08 5.0 MEDIUM 9.8 CRITICAL
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms."
CVE-2016-7109 1 Huawei 1 Uma 2016-09-08 10.0 HIGH 9.8 CRITICAL
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.
CVE-2016-7110 1 Huawei 1 Uma 2016-09-08 10.0 HIGH 9.8 CRITICAL
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.