Vulnerabilities (CVE)

Total 18424 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-5415 1 Beckhoff 2 Embedded Pc Images, Twincat 2016-11-28 9.4 HIGH 9.1 CRITICAL
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
CVE-2016-8869 1 Joomla 1 Joomla\! 2016-11-07 7.5 HIGH 9.8 CRITICAL
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
CVE-2015-1000009 1 Google-adsense-and-hotel-booking Project 1 Google-adsense-and-hotel-booking 2016-10-27 6.4 MEDIUM 9.1 CRITICAL
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
CVE-2015-1000000 1 Mailcwp Project 1 Mailcwp 2016-10-27 5.0 MEDIUM 9.8 CRITICAL
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
CVE-2016-8276 1 Huawei 4 Usg2100, Usg2200, Usg5100 and 1 more 2016-10-04 9.3 HIGH 9.8 CRITICAL
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.
CVE-2016-0883 1 Pivotal Software 1 Operations Manager 2016-10-03 5.0 MEDIUM 9.8 CRITICAL
Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.
CVE-2016-0897 1 Pivotal Software 1 Operations Manager 2016-10-03 7.5 HIGH 9.8 CRITICAL
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.
CVE-2016-4972 1 Openstack 4 Mitaka-murano, Murano, Murano-dashboard and 1 more 2016-09-28 7.5 HIGH 9.8 CRITICAL
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.
CVE-2016-6137 1 Sap 1 Trex 2016-09-28 10.0 HIGH 9.8 CRITICAL
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
CVE-2016-4564 1 Imagemagick 1 Imagemagick 2016-09-23 7.5 HIGH 9.8 CRITICAL
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2016-6825 1 Huawei 12 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 9 more 2016-09-08 5.0 MEDIUM 9.8 CRITICAL
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms."
CVE-2016-7109 1 Huawei 1 Uma 2016-09-08 10.0 HIGH 9.8 CRITICAL
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.
CVE-2016-7110 1 Huawei 1 Uma 2016-09-08 10.0 HIGH 9.8 CRITICAL
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.
CVE-2016-2018 1 Hp 2 Matrix Operating Environment, Systems Insight Manager 2016-08-24 6.4 MEDIUM 9.1 CRITICAL
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-2024 1 Hp 2 Insight Contol, Server Migration Package 2016-08-24 7.5 HIGH 9.8 CRITICAL
HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
CVE-2016-6493 1 Citrix 2 Xenapp, Xendesktop 2016-08-23 7.5 HIGH 9.8 CRITICAL
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
CVE-2016-2029 1 Hp 2 Matrix Operating Environment, Systems Insight Manager 2016-08-23 6.4 MEDIUM 9.1 CRITICAL
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
CVE-2016-5817 1 Navis 1 Webaccess 2016-08-22 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-5667 1 Crestron 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware 2016-08-15 7.5 HIGH 9.8 CRITICAL
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.
CVE-2016-5640 1 Crestron 2 Airmedia Am-100, Airmedia Am-100 Firmware 2016-08-15 10.0 HIGH 9.8 CRITICAL
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.