Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7415 | 1 Ibm | 1 Urbancode Deploy | 2016-01-05 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-5994 | 1 Mediabridge | 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware | 2015-12-31 | 7.9 HIGH | 6.8 MEDIUM |
| The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session. | |||||
| CVE-2015-5995 | 2 Mediabridge, Tenda | 3 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware, N3 Wireless N150 | 2015-12-31 | 10.0 HIGH | 9.8 CRITICAL |
| Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. | |||||
| CVE-2015-2918 | 1 Orientdb | 1 Orientdb | 2015-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2015-2913 | 1 Orientdb | 1 Orientdb | 2015-12-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class. | |||||
| CVE-2015-2912 | 1 Orientdb | 1 Orientdb | 2015-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request. | |||||
| CVE-2015-2896 | 1 Idera | 1 Uptime Infrastructure Monitor | 2015-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | |||||
| CVE-2015-2894 | 1 Idera | 1 Uptime Infrastructure Monitor | 2015-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. | |||||
| CVE-2015-2895 | 1 Idera | 1 Uptime Infrastructure Monitor | 2015-12-31 | 7.5 HIGH | 7.3 HIGH |
| Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input. | |||||
| CVE-2015-2874 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2015-12-31 | 10.0 HIGH | 9.8 CRITICAL |
| Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2015-2875 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2015-12-31 | 7.8 HIGH | 7.5 HIGH |
| Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. | |||||
| CVE-2014-3260 | 1 Pacom | 2 1000 Ccu Gms, Rtu Gms | 2015-12-31 | 6.8 MEDIUM | 7.5 HIGH |
| Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography. | |||||
| CVE-2014-4876 | 1 Toshiba | 1 4690 Operating System | 2015-12-31 | 4.3 MEDIUM | 3.7 LOW |
| Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. | |||||
| CVE-2015-5990 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2015-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-5988 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2015-12-31 | 9.3 HIGH | 9.8 CRITICAL |
| The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
| CVE-2015-5987 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2015-12-31 | 5.0 MEDIUM | 8.6 HIGH |
| Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | |||||
| CVE-2015-5989 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2015-12-31 | 10.0 HIGH | 9.8 CRITICAL |
| Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | |||||
| CVE-2015-2876 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2015-12-31 | 8.3 HIGH | 8.8 HIGH |
| Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. | |||||
| CVE-2015-7793 | 1 Corega | 1 Cg-wlbaragm Firmware | 2015-12-30 | 5.0 MEDIUM | 5.8 MEDIUM |
| Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. | |||||
| CVE-2015-7794 | 1 Corega | 1 Cg-wlncm4g Firmware | 2015-12-30 | 5.0 MEDIUM | 5.8 MEDIUM |
| Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. | |||||