Vulnerabilities (CVE)

Total 17151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2018 1 Hp 2 Matrix Operating Environment, Systems Insight Manager 2016-08-24 6.4 MEDIUM 9.1 CRITICAL
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-2024 1 Hp 2 Insight Contol, Server Migration Package 2016-08-24 7.5 HIGH 9.8 CRITICAL
HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
CVE-2016-6493 1 Citrix 2 Xenapp, Xendesktop 2016-08-23 7.5 HIGH 9.8 CRITICAL
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
CVE-2016-2029 1 Hp 2 Matrix Operating Environment, Systems Insight Manager 2016-08-23 6.4 MEDIUM 9.1 CRITICAL
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
CVE-2016-5817 1 Navis 1 Webaccess 2016-08-22 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-5667 1 Crestron 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware 2016-08-15 7.5 HIGH 9.8 CRITICAL
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.
CVE-2016-5640 1 Crestron 2 Airmedia Am-100, Airmedia Am-100 Firmware 2016-08-15 10.0 HIGH 9.8 CRITICAL
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
CVE-2016-5669 1 Crestron 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware 2016-08-15 5.0 MEDIUM 9.8 CRITICAL
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.
CVE-2016-5666 1 Crestron 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware 2016-08-15 5.0 MEDIUM 9.8 CRITICAL
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.
CVE-2016-5668 1 Crestron 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware 2016-08-15 7.5 HIGH 9.8 CRITICAL
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.
CVE-2016-5670 1 Crestron 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware 2016-08-15 10.0 HIGH 9.8 CRITICAL
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.
CVE-2016-6178 1 Huawei 10 Cloudengine 12800, Cloudengine 12800 Firmware, Cx600 and 7 more 2016-08-03 7.5 HIGH 9.8 CRITICAL
Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet.
CVE-2016-1909 1 Fortinet 1 Fortios 2016-07-15 10.0 HIGH 9.8 CRITICAL
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
CVE-2016-3742 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659.
CVE-2016-3743 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.
CVE-2016-3741 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.
CVE-2016-3745 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666.
CVE-2016-2506 1 Google 1 Android 2016-07-11 10.0 HIGH 9.8 CRITICAL
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
CVE-2016-0391 1 Ibm 2 Bluemix, Watson Developer Cloud 2016-07-07 7.5 HIGH 9.8 CRITICAL
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVE-2016-0224 1 Ibm 1 Marketing Platform 2016-06-28 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.