
Update 15.12.2018 10:00:40

Published

Public 

Updated 

VU#

CVSS 

Title

2018-12-13

2018-12-12

2018-12-13

VU#756913

3.3

Pixar's Tractor contains a stored cross-site scripting vulnerability

2018-11-06

2018-11-05

2018-11-07

VU#395981

3.7

Self-Encrypting Drives Have Multiple Vulnerabilities

2018-11-01

2018-11-01

2018-11-07

VU#317277

4.6

Texas Instruments Microcontrollers CC2640 and CC2650 are vulnerable to heap overflow

2018-11-01

2018-10-31

2018-11-05

VU#339704

5.5

Cisco ASA and FTD SIP Inspection denial-of-service vulnerability

2018-10-06

2018-10-06

2018-10-16

VU#176301

0

Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App

2018-09-26

2018-09-18

2018-11-08

VU#581311

5.9

TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

2018-09-05

2018-09-05

2018-10-23

VU#598349

0

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

2018-08-28

2018-08-27

2018-09-13

VU#906424

6.4

Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface

2018-08-21

2018-02-21

2018-10-01

VU#332928

6.8

Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities

2018-08-15

2018-04-14

2018-09-10

VU#982149

5.6

Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

2018-08-14

2018-08-10

2018-09-14

VU#787952

6.0

Android and iOS apps contain multiple vulnerabilities

2018-08-14

2018-08-14

2018-08-17

VU#857035

7.9

IKEv1 Main Mode vulnerable to brute force attacks

2018-08-14

2018-08-14

2018-10-12

VU#641765

6.6

Linux kernel IP fragment re-assembly vulnerable to denial of service

2018-08-06

2018-07-23

2018-09-14

VU#962459

6.4

TCP implementations vulnerable to Denial of Service

2018-08-03

2013-06-09

2018-08-03

VU#307144

0

mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

2018-07-23

2018-07-23

2018-08-17

VU#304725

5.7

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

2018-05-23

2018-05-22

2018-06-13

VU#338343

3.9

strongSwan VPN charon server vulnerable to buffer underflow

2018-05-21

2018-05-21

2018-06-19

VU#180049

3.4

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

2018-05-14

2018-05-14

2018-05-15

VU#122919

0

OpenPGP and S/MIME mail client vulnerabilities

2018-05-08

2018-05-08

2018-06-06

VU#631579

5.3

Hardware debug exception documentation may result in unexpected behavior

2018-05-03

2018-05-03

2018-05-03

VU#283803

2.7

Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")

2018-04-10

2018-04-10

2018-04-10

VU#974272

4.1

Microsoft Outlook retrieves remote OLE content without prompting

2018-03-29

2018-03-27

2018-04-24

VU#277400

5.9

Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed

2018-03-27

2018-02-07

2018-03-27

VU#184077

8.7

Navarino Infinity web interface is affected by multiple vulnerabilities.

2018-03-19

2012-03-20

2018-04-04

VU#306792

1.7

Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

2018-02-27

2018-02-27

2018-06-05

VU#475445

4.9

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

2018-02-15

2018-02-15

2018-02-19

VU#940439

7.3

Quagga bgpd is affected by multiple vulnerabilities

2018-02-01

2018-02-01

2018-02-01

VU#319904

3

Pulse Secure Linux client GUI fails to validate SSL certificates

2018-01-04

2018-01-03

2018-07-03

VU#584653

5.1

CPU hardware vulnerable to side-channel attacks

2017-12-12

2017-12-12

2018-04-09

VU#144389

4.2

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding

2017-11-29

2017-11-13

2017-11-30

VU#113765

4.6

Apple MacOS High Sierra disabled account authentication bypass

2017-11-21

2017-11-21

2017-11-21

VU#681983

1.3

Install Norton Security for Mac does not verify SSL certificates

2017-11-17

2017-11-16

2017-11-20

VU#817544

0

Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard

2017-11-15

2017-11-14

2017-11-20

VU#421280

5.5

Microsoft Office Equation Editor stack buffer overflow

2017-11-03

2017-11-01

2017-11-09

VU#739007

6.2

IEEE P1735 implementations may have weak cryptographic protections

2017-11-02

2017-10-03

2017-11-06

VU#446847

5.2

Savitech USB audio drivers install a new root CA certificate

2017-10-16

2017-10-16

2017-11-08

VU#307015

6.9

Infineon RSA library does not properly generate RSA key pairs

2017-10-16

2017-10-16

2017-11-16

VU#228519

5.7

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

2017-10-12

2017-10-12

2018-01-22

VU#590639

5.5

NXP Semiconductors MQX RTOS contains multiple vulnerabilities

2017-10-02

2017-10-02

2018-02-02

VU#973527

8.7

Dnsmasq contains multiple vulnerabilities

2017-09-13

2017-09-12

2017-09-16

VU#101048

6.5

Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability

2017-09-12

2017-09-12

2017-11-08

VU#240311

6.2

Multiple Bluetooth implementation vulnerabilities affect many devices

2017-09-08

2017-09-08

2017-10-12

VU#166743

3.8

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

2017-09-06

2017-09-05

2017-09-06

VU#112992

8.3

Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

2017-08-29

2017-08-28

2017-08-31

VU#403768

1.3

Akeo Consulting Rufus fails to update itself securely

2017-08-03

2017-06-13

2017-08-09

VU#824672

 

Microsoft Windows automatically executes code specified in shortcut files

2017-07-27

2017-07-27

2017-10-18

VU#793496

3.6

Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency

2017-07-25

2017-06-26

2017-07-25

VU#838200

5.6

Telerik Web UI contains cryptographic weakness

2017-07-20

2017-07-20

2017-10-30

VU#586501

0

Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account

2017-07-18

2017-07-18

2017-07-26

VU#547255

5.9

Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow

2017-06-19

2017-06-19

2017-06-28

VU#489392

5.6

Acronis True Image fails to update itself securely

2017-06-15

2017-06-15

2017-06-15

VU#846320

4.9

Samsung Magician fails to update itself securely

2017-06-13

2017-06-13

2017-06-29

VU#768399

5.3

HPE SiteScope contains multiple vulnerabilities

2017-06-08

2017-06-08

2017-06-14

VU#251927

6.7

CalAmp LMU-3030 devices may not authenticate SMS interface

2017-06-07

2017-06-07

2017-07-24

VU#350135

6.7

Various WiMAX routers contain an authentication bypass vulnerability in custom libmtk httpd plugin

2017-05-04

2017-05-04

2017-05-04

VU#556600

4.5

Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates

2017-05-04

2017-05-04

2017-05-10

VU#276408

4.5

Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates

2017-05-02

2017-05-01

2017-12-21

VU#491375

5.5

Intel Active Management Technology (AMT) does not properly enforce access control

2017-04-25

2017-04-24

2017-04-25

VU#219739

1.5

Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation

2017-04-17

2017-04-14

2017-04-27

VU#676632

6.4

IBM Lotus Domino server mailbox name stack buffer overflow

2017-04-11

2017-04-11

2017-04-24

VU#334207

 

DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP

2017-04-10

2017-04-07

2017-04-13

VU#921560

6.8

Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

2017-04-04

2017-04-04

2017-04-14

VU#307983

6.3

Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references

2017-03-31

2017-03-31

2017-03-31

VU#507496

7.1

GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed

2017-03-28

2017-03-28

2017-04-13

VU#342303

5.3

Pandora iOS app does not properly validate SSL certificates

2017-03-21

2017-03-15

2017-04-21

VU#600671

4.2

PCAUSA Rawether for Windows local privilege escalation

2017-03-16

2017-03-15

2017-03-16

VU#214283

2

Commvault Edge contains a buffer overflow vulnerability

2017-03-15

2017-03-15

2017-03-24

VU#553503

6.7

D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials

2017-03-14

2017-03-06

2017-03-14

VU#834067

8.7

Apache Struts 2 is vulnerable to remote code execution

2017-03-08

2017-03-08

2017-03-08

VU#305448

4.9

D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability

2017-03-08

2017-03-08

2017-03-13

VU#247016

4.5

Flash Seats Mobile App for Android and iOS fails to validate SSL certificates

2017-03-07

2017-03-07

2017-03-07

VU#355151

6.4

ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities

2017-03-07

2016-12-17

2017-03-07

VU#608591

5.8

PHP FormMail Generator generates code vulnerable to multiple issues

2017-03-06

2017-03-06

2017-03-07

VU#168699

4.6

dotCMS contains multiple vulnerabilities

2017-02-28

2017-02-28

2017-02-28

VU#742632

5.3

Sage XRT Treasury database fails to properly restrict access to authorized users

2017-02-15

2017-02-15

2018-02-27

VU#614751

4.7

Hughes satellite modems contain multiple vulnerabilities

2017-02-08

2017-01-31

2017-02-08

VU#745607

2.5

Accellion FTP server contains information exposure and cross-site scripting vulnerabilities

2017-02-02

2017-02-01

2017-03-17

VU#867968

7

Microsoft Windows SMB Tree Connect Response denial of service vulnerability

2017-01-31

2017-01-31

2017-04-07

VU#167623

6

SHDesigns Resident Download Manager does not authenticate firmware downloads

2017-01-27

2017-01-23

2017-01-27

VU#909240

6.8

Cisco WebEx web browser extension allows arbitrary code execution

2017-01-13

2017-01-13

2017-01-13

VU#865216

4

CodeLathe FileCloud is vulnerable to cross-site request forgery

2017-01-10

2017-01-10

2017-01-11

VU#767208

3.9

ThreatMetrix SDK for iOS fails to validate SSL certificates

2017-01-03

2017-01-03

2017-02-08

VU#475907

1.8

ShoreTel Mobility Client mobile application does not verify SSL certificates

2016-12-13

2016-12-12

2016-12-19

VU#535111

4.6

McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerability

2016-12-13

2016-12-13

2016-12-14

VU#779243

4.5

EpubCheck 4.0.1 contains an XML external entity processing vulnerability

2016-12-12

2016-12-09

2016-12-13

VU#245327

5.5

McAfee VirusScan for Linux contains multiple vulnerabilities

2016-12-09

2016-12-07

2017-01-03

VU#582384

7

Multiple Netgear routers are vulnerable to arbitrary command injection

2016-12-08

2016-12-05

2016-12-08

VU#494015

7.5

PHP FormMail Generator generates code with multiple vulnerabilities

2016-12-07

2016-12-07

2016-12-07

VU#768331

4.4

ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation

2016-12-06

2016-12-06

2016-12-08

VU#548487

1.7

BSD libc contains a buffer overflow vulnerability in link_ntoa()

2016-12-06

2016-12-06

2016-12-12

VU#846103

6

Sungard eTRAKiT3 may be vulnerable to SQL injection

2016-11-30

2016-11-29

2016-12-02

VU#791496

6.5

Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability

2016-11-21

2016-11-21

2017-11-20

VU#633847

6.1

NTP.org ntpd contains multiple denial of service vulnerabilities

2016-11-17

2016-11-11

2016-11-17

VU#624539

6.3

Ragentek Android OTA update mechanism vulnerable to MITM attack

2016-11-16

2016-11-15

2016-11-16

VU#346175

5.3

Imagely NextGen Gallery plugin for WordPress contains a local file inclusion vulnerability

2016-11-07

2016-11-07

2017-03-08

VU#677427

6

D-Link routers HNAP service contains stack-based buffer overflow

2016-10-25

2016-10-25

2016-10-25

VU#974055

1.4

iTrack Easy contains multiple vulnerabilities

2016-10-25

2016-10-25

2016-10-25

VU#402847

1.7

Zizai Tech Nut contains multiple vulnerabilities

2016-10-25

2016-10-25

2016-10-27

VU#617567

1.4

TrackR Bravo contains multiple vulnerabilities

2016-10-21

2016-10-20

2016-11-17

VU#243144

5.6

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

2016-10-20

2016-10-20

2016-10-20

VU#404187

4.7

Synology NAS servers contain insecure default credentials

2016-10-20

2016-10-20

2016-10-20

VU#970379

4.7

Green Packet DX-350 contains insecure default credentials

2016-10-20

2016-10-20

2016-10-20

VU#200907

3

Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials

2016-10-20

2016-10-20

2016-12-13

VU#326395

4.7

Nuuo NT-4040 firmware contains insecure default credentials

2016-10-17

2016-10-17

2016-10-28

VU#763843

6

ASUS RP-AC52 contains multiple vulnerabilities

2016-10-11

2016-10-10

2016-10-14

VU#396440

5.9

MatrixSSL contains multiple vulnerabilities

2016-10-04

2016-10-04

2016-10-11

VU#884840

6.5

Animas OneTouch Ping insulin pump contains multiple vulnerabilities

2016-09-30

2016-09-30

2016-10-10

VU#338624

1.8

U by BB&T iOS banking application fails to properly validate SSL certificates

2016-09-28

2016-09-28

2016-09-28

VU#706359

5.7

Aternity version 9 vulnerable to cross-site scripting and remote code execution

2016-09-13

2016-09-13

2016-09-22

VU#667480

2.3

AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities

2016-09-07

2016-09-06

2016-09-07

VU#282991

6.4

DEXIS Imaging Suite 10 contains hard-coded credentials

2016-09-06

2016-09-06

2016-09-07

VU#548399

7.1

Dentsply Sirona CDR DICOM contains multiple hard-coded credentials

2016-09-06

2016-09-06

2016-09-13

VU#619767

1.9

Open Dental uses blank database password by default

2016-09-06

2016-09-06

2016-09-09

VU#724487

6

Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities

2016-08-26

2016-08-23

2016-08-26

VU#305607

5.3

Accellion Kiteworks contains multiple vulnerabilities

2016-08-16

2016-08-16

2016-08-16

VU#294272

4.8

ReadyDesk contains multiple vulnerabilities

2016-08-15

2016-08-15

2018-04-04

VU#905344

3.4

HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected

2016-08-12

2016-08-11

2016-08-26

VU#301735

2.1

Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials

2016-08-11

2016-08-11

2016-08-12

VU#332115

6.3

D-Link routers contain buffer overflow vulnerability

2016-08-08

2016-08-06

2016-08-08

VU#735416

1

UltraVNC repeater does not restrict IP addresses or ports by default

2016-08-04

2016-08-04

2017-07-11

VU#877625

1.7

Proxy auto-config (PAC) files have access to full HTTPS URLs

2016-08-04

2016-08-04

2016-08-05

VU#856152

7

NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities

2016-08-01

2016-08-01

2016-08-02

VU#603047

6.2

Crestron AirMedia AM-100 contains multiple vulnerabilities

2016-08-01

2016-08-01

2016-08-01

VU#974424

6.2

Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities

2016-07-29

2016-07-29

2016-07-29

VU#217871

3.4

Intel CrossWalk project does not validate SSL certificates after first acceptance

2016-07-19

2016-07-19

2016-08-08

VU#682704

2.2

Misys FusionCapital Opics Plus contains multiple vulnerabilities

2016-07-19

2016-07-18

2016-08-26

VU#790839

5.4

Objective Systems ASN1C generates code that contains a heap overflow vulnerability

2016-07-18

2016-07-18

2016-07-19

VU#797896

1.1

CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

2016-07-13

2016-07-13

2016-07-13

VU#665280

3.5

Accela Civic Platform Citizen Access portal contains multiple vulnerabilities

2016-07-12

2016-07-12

2016-07-12

VU#123799

4.4

libbpg contains a type confusion vulnerability that leads to out of bounds write

2016-07-05

2016-07-05

2016-07-05

VU#690343

3.4

Acer Portal app for Android does not properly validate SSL certificates

2016-06-23

2016-06-23

2016-06-23

VU#302544

3

Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files

2016-06-20

2016-06-20

2016-06-20

VU#143335

4

mDNSResponder contains multiple memory-based vulnerabilities

2016-06-15

2016-06-14

2016-06-16

VU#748992

7.1

Adobe Flash memory corruption vulnerability

2016-06-10

2016-06-10

2016-07-01

VU#778696

5.6

Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass

2016-06-02

2016-06-02

2016-06-06

VU#321640

6.4

NTP.org ntpd is vulnerable to denial of service and other vulnerabilities

2016-06-01

2016-06-01

2016-12-21

VU#754056

5.8

Fonality contains a hard-coded password and embedded SSL private key

2016-05-26

2016-05-26

2016-05-26

VU#482135

2

MEDHOST Perioperative Information Management System contains hard-coded database credentials

2016-05-19

2016-05-11

2016-06-14

VU#204232

4.6

Up.time agent for Linux does not authenticate a user before allowing read access to the file system

2016-05-17

2016-05-17

2016-05-17

VU#586503

5.9

Chef Manage deserializes cookie data insecurely

2016-05-13

2016-05-13

2016-05-13

VU#785823

4.9

Lantronix xPrintServer contains multiple vulnerabilities

2016-05-04

2016-05-03

2016-05-04

VU#250519

7.3

ImageMagick does not properly validate input before processing images using a delegate

2016-05-04

2013-07-10

2016-05-04

VU#369800

7.4

Little CMS 2 DefaultICCintents double-free vulnerability

2016-05-02

2016-05-01

2016-05-04

VU#862384

4.6

libarchive contains a heap-based buffer overflow due to improper input validation

2016-04-29

2016-04-21

2016-04-29

VU#505560

4.4

Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

2016-04-27

2016-04-26

2016-04-28

VU#718152

5.3

NTP.org ntpd contains multiple vulnerabilities

2016-04-25

2016-04-29

2016-05-02

VU#229047

4.8

Allround Automations PL/SQL Developer v11 performs updates over HTTP

2016-04-22

2016-04-22

2016-04-22

VU#822980

7.1

SysLINK M2M Modular Gateway contains multiple vulnerabilities

2016-04-22

2016-04-18

2016-04-22

VU#267328

6.3

HP Data Protector does not perform authentication and contains an embedded SSL private key

2016-04-12

2016-04-12

2016-04-14

VU#813296

6.9

Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock")

2016-04-07

2016-04-07

2016-04-20

VU#615456

6.7

Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access

2016-03-30

2016-02-15

2016-03-30

VU#344432

2.4

Patterson Dental Eaglesoft uses a hard-coded database password across installations

2016-03-28

2016-03-28

2016-03-28

VU#732760

1.8

Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability

2016-03-26

2016-03-25

2016-03-26

VU#319816

3.8

npm fails to restrict the actions of malicious npm packages

2016-03-24

2016-03-24

2016-03-24

VU#279472

1.4

Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities

2016-03-17

2016-03-17

2016-04-18

VU#897144

4.4

Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow

2016-03-11

2016-03-10

2016-03-14

VU#713312

2.3

DTE Energy Insight app vulnerable to information exposure

2016-03-10

2016-03-10

2016-03-10

VU#270232

1.5

Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability

2016-03-01

2016-03-01

2016-03-14

VU#583776

6.5

Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack

2016-02-29

2016-02-24

2016-03-04

VU#938151

4.6

Forwarding Loop Attacks in Content Delivery Networks may result in denial of service

2016-02-29

2016-02-25

2017-07-18

VU#419128

6.7

IKE/IKEv2 protocol implementations may allow network amplification attacks

2016-02-25

2016-02-25

2016-02-25

VU#444472

5.6

QNAP Signage Station and iArtist Lite contain multiple vulnerabilities

2016-02-24

2016-02-23

2016-03-01

VU#981271

1.9

Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol

2016-02-22

2016-02-22

2016-04-04

VU#485744

5.9

Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability

2016-02-17

2016-02-17

2016-02-19

VU#899080

6.4

Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials

2016-02-17

2016-02-17

2016-02-17

VU#923388

6.2

Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

2016-02-17

2016-02-16

2016-03-14

VU#457759

8.1

glibc vulnerable to stack buffer overflow in DNS resolver

2016-02-16

2016-02-16

2016-11-09

VU#507216

5.2

Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default

2016-02-11

2016-02-11

2016-02-16

VU#327976

5.9

Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability

2016-02-04

2016-02-04

2016-02-08

VU#305096

1.6

Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium

2016-02-03

2016-02-03

2016-02-04

VU#777024

5.6

Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities

2016-02-02

2016-02-02

2016-02-02

VU#544527

2.1

OpenELEC and RasPlex have a hard-coded SSH root password

2016-02-02

2016-02-02

2016-02-02

VU#719736

4.4

Fisher-Price Smart Toy platform allows some unauthenticated web API commands

2016-02-01

2016-02-01

2016-02-01

VU#972224

1

Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries

2016-01-28

2016-01-28

2016-01-29

VU#257823

6.9

OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol

2016-01-21

2016-01-21

2016-01-27

VU#992624

5.9

Harman AMX multimedia devices contain hard-coded credentials

2016-01-20

2016-01-19

2016-01-20

VU#916896

5.9

Oracle Outside In 8.5.2 contains multiple stack buffer overflows

2016-01-20

2016-01-12

2016-03-10

VU#772447

2.9

ffmpeg and Libav cross-domain information disclosure vulnerability

2016-01-14

2016-01-14

2016-01-20

VU#456088

2.7

OpenSSH Client contains a client information leak vulnerability and buffer overflow

2016-01-12

2016-01-11

2016-01-25

VU#913000

5

Samsung SRN-1670D camera contains multiple vulnerabilities

2016-01-07

2015-12-19

2016-01-07

VU#753264

5.9

IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects

2016-01-05

2016-01-05

2016-01-05

VU#418072

4.2

Comcast XFINITY Home Security fails to properly handle wireless communications disruption

2016-01-04

2015-01-04

2016-01-04

VU#820196

1.8

Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input

2015-12-21

2015-12-17

2015-12-22

VU#640184

6.2

Juniper ScreenOS contains multiple vulnerabilities

2015-12-18

2015-12-18

2015-12-18

VU#757840

1.5

Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users

2015-12-16

2015-12-16

2015-12-27

VU#176160

4.4

IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi

2015-12-10

2015-12-10

2015-12-10

VU#403568

1.1

Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries

2015-12-10

2015-12-10

2016-01-25

VU#646008

1.1

Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries

2015-12-10

2015-12-10

2015-12-10

VU#330000

1.6

ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery

2015-12-10

2015-12-10

2015-12-10

VU#167992

1.6

ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities

2015-12-10

2015-12-10

2015-12-10

VU#763576

1.6

Amped Wireless R10000 router contains multiple vulnerabilities

2015-12-08

2015-12-08

2016-05-16

VU#377260

4.1

Up.time agent for Windows contains multiple vulnerabilities

2015-12-08

2015-12-08

2015-12-08

VU#439016

4.4

TaxiHail Android mobile app contains multiple vulnerabilities

2015-12-04

2015-12-03

2017-03-22

VU#294607

6.7

Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF

2015-12-01

2015-11-30

2015-12-09

VU#630239

4.9

Epiphany Cardio Server is vulnerable to SQL and LDAP injection

2015-11-30

2015-11-30

2015-11-30

VU#792004

5.5

RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol

2015-11-25

2015-11-25

2016-09-06

VU#566724

3.5

Embedded devices use non-unique X.509 certificates and SSH host keys

2015-11-24

2015-11-24

2015-12-01

VU#925497

6.4

Dell System Detect installs root certificate and private key (DSDTestProvider)

2015-11-24

2015-11-23

2015-12-01

VU#870761

6.5

Dell Foundation Services installs root certificate and private key (eDellRoot)

2015-11-23

2015-11-23

2015-11-23

VU#428280

2

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities

2015-11-20

2015-11-20

2015-11-23

VU#419568

6.7

ARRIS cable modems generate passwords deterministically and contain XSS and CSRF vulnerabilities

2015-11-13

2015-01-28

2018-08-27

VU#576313

6.4

Apache Commons Collections Java library insecurely deserializes data

2015-11-06

2015-11-06

2015-11-09

VU#438928

2

Huawei HG532 routers contain a path traversal vulnerability

2015-11-03

2015-11-03

2015-11-04

VU#391604

5.9

ZTE ZXHN H108N R1A routers contain multiple vulnerabilities

2015-11-03

2015-11-03

2015-11-06

VU#866432

2.1

Commvault Edge Server deserializes cookie data insecurely

2015-11-02

2015-10-31

2015-11-02

VU#316888

4.4

MobaXterm server may allow arbitrary command injection due to missing X11 authentication

2015-10-29

2015-10-29

2015-10-29

VU#573848

5.1

Qolsys IQ Panel contains multiple vulnerabilities

2015-10-27

2015-10-19

2015-11-03

VU#350508

4.6

HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password

2015-10-27

2015-10-27

2015-11-19

VU#672500

4.1

EPSON Network Utility installs EpsonBidirectionalService with insecure permissions

2015-10-21

2015-10-21

2015-10-21

VU#840844

4.4

HP Photosmart B210 printer SMB server buffer overflow vulnerability

2015-10-20

2015-07-20

2017-08-14

VU#966927

5.9

HP Client Automation and Radia Client Automation is vulnerable to remote code execution

2015-10-20

2015-07-30

2015-10-21

VU#935424

1

Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability

2015-10-20

2015-10-20

2015-10-20

VU#675052

5

Medicomp MEDCIN Engine contains multiple vulnerabilities

2015-10-19

2015-10-19

2015-10-26

VU#842252

2.3

HP ArcSight Logger contains multiple vulnerabilities

2015-10-16

2015-10-13

2015-10-20

VU#943167

4.7

Voice over LTE implementations contain multiple vulnerabilities

2015-10-13

2015-10-13

2015-10-29

VU#870744

5.3

ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities

2015-10-12

2015-10-12

2015-10-13

VU#751328

3.9

QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X

2015-09-30

2015-09-30

2015-09-30

VU#693036

6.4

Datalex airline booking software allowed authorization bypass for arbitrary users

2015-09-24

2015-08-13

2015-10-28

VU#804060

5.8

Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information

2015-09-21

2015-09-21

2015-09-21

VU#374092

1.7

Web Reference Database (refbase) contains multiple vulnerabilities

2015-09-10

2015-09-10

2015-09-15

VU#906576

4.4

Securifi Almond routers contain multiple vulnerabilities

2015-09-09

2015-07-14

2015-09-10

VU#549807

5.9

Impero Education Pro classroom management software vulnerable to remote code execution

2015-09-03

2015-09-03

2016-05-31

VU#630872

4.6

Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities

2015-09-03

2015-08-31

2015-09-03

VU#845332

3.8

OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities

2015-09-01

2015-09-01

2015-12-08

VU#903500

4.5

Seagate and LaCie wireless storage products contain multiple vulnerabilities

2015-08-31

2015-08-31

2016-09-22

VU#201168

4.6

Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities

2015-08-31

2015-08-31

2016-01-04

VU#361684

3.7

Router devices do not implement sufficient UPnP authentication and security

2015-08-31

2015-08-31

2016-04-17

VU#525276

4.7

Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities

2015-08-25

2015-08-25

2015-08-27

VU#950576

6

DSL routers contain hard-coded "XXXXairocon" credentials

2015-08-20

2015-08-20

2015-08-20

VU#276148

6.4

Dedicated Micros DVR products use plaintext protocols and require no password by default

2015-08-18

2015-08-18

2015-08-18

VU#248692

3

Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

2015-08-17

2015-07-31

2015-08-17

VU#300820

6.4

Cisco Prime Infrastructure contains SUID root binaries

2015-08-11

2015-08-11

2015-08-11

VU#335192

4.9

Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities

2015-08-11

2015-08-11

2015-08-28

VU#209512

7.1

Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities

2015-08-07

2015-08-07

2015-08-10

VU#628568

6.7

Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials

2015-07-31

2015-07-31

2015-07-31

VU#360431

4.8

Chiyu Technology fingerprint access control contains multiple vulnerabilities

2015-07-30

2015-07-30

2015-08-12

VU#577140

7.2

BIOS implementations fail to properly set UEFI write protections after waking from sleep mode

2015-07-28

2015-07-21

2016-01-08

VU#924951

3.5

Android Stagefright contains multiple vulnerabilities

2015-07-24

2015-07-21

2015-09-14

VU#819439

6.2

Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlled

2015-07-24

2015-07-24

2017-03-22

VU#857948

1.8

Honeywell Tuxedo Touch Controller contains multiple vulnerabilities

2015-07-20

2015-07-20

2015-07-20

VU#912036

4.9

N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password

2015-07-20

2015-07-16

2015-07-20

VU#813631

0.9

Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read

2015-07-13

2015-07-13

2015-07-13

VU#919604

2.5

Kaseya Virtual System Administrator contains multiple vulnerabilities

2015-07-12

2015-07-05

2015-07-14

VU#918568

6.7

Adobe Flash ActionScript 3 BitmapData memory corruption vulnerability

2015-07-11

2015-07-05

2015-07-14

VU#338736

7.5

Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability

2015-07-08

2015-07-05

2015-07-14

VU#103336

6.8

Windows Adobe Type Manager privilege escalation vulnerability

2015-07-07

2015-07-07

2015-07-07

VU#253708

3.8

Grandstream GXV3611_HD camera is vulnerable to SQL injection

2015-07-07

2015-07-05

2015-07-11

VU#561288

7.1

Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability

2015-07-06

2015-07-06

2015-07-06

VU#485324

4.6

ANTLabs InnGate gateway device contains SQL injection and reflected cross-site scripting vulnerabilities

2015-06-16

2015-06-16

2015-06-25

VU#155412

4.5

Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates

2015-06-16

2015-06-05

2015-06-16

VU#842780

3.5

Vesta Control Panel is vulnerable to cross-site request forgery

2015-06-16

2015-06-15

2015-06-16

VU#626420

1.3

Pearson ProctorCache contains hard coded credentials

2015-06-15

2014-07-09

2015-06-15

VU#101500

4.6

Retrospect Backup Client uses weak password hashing

2015-06-10

2015-06-08

2015-06-10

VU#555984

4.6

Avigilon Control Center is vulnerable to path traversal

2015-06-09

2015-06-08

2015-06-10

VU#810572

5.5

CUPS print service is vulnerable to privilege escalation and cross-site scripting

2015-06-08

2015-06-08

2015-07-01

VU#595884

2

Aptexx Resident Anywhere exposes sensitive account information

2015-06-08

2015-06-08

2015-06-08

VU#924506

3.4

Toshiba 4690 OS contains an information disclosure vulnerability

2015-06-08

2015-06-08

2015-06-08

VU#301788

4.5

Toshiba CHEC contains a hard-coded cryptographic key

2015-06-04

2015-06-04

2015-06-05

VU#264092

5

McAfee ePolicy Orchestrator fails to properly validate SSL/TLS certificates

2015-05-29

2015-05-29

2015-06-02

VU#498348

4

Blue Coat SSL Visibility Appliance contains multiple vulnerabilities

2015-05-26

2015-05-26

2015-05-27

VU#551972

1.3

Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files

2015-05-19

2015-05-19

2015-06-05

VU#177092

3.7

KCodes NetUSB kernel driver is vulnerable to buffer overflow

2015-05-08

2015-04-27

2015-05-08

VU#110532

5.3

Subrion CMS vulnerable to SQL injection by an authenticated user

2015-05-05

2015-05-05

2015-05-05

VU#978652

1.3

Bomgar Remote Support Portal deserializes untrusted data

2015-05-04

2015-05-04

2015-08-03

VU#602540

3.4

ICU Project ICU4C library contains multiple overflow vulnerabilities

2015-04-30

2015-04-30

2015-04-30

VU#581276

6.3

EMC AutoStart is vulnerable to remote code execution via specially crafted packets

2015-04-28

2015-04-28

2015-04-28

VU#534407

5.2

Barracuda Web Filter insecurely performs SSL inspection

2015-04-20

2015-04-20

2015-05-07

VU#260780

4.9

NetNanny uses a shared private key and root CA

2015-04-17

2015-04-17

2015-04-17

VU#750060

4

Hewlett-Packard Network Automation contains multiple vulnerabilities

2015-04-14

2015-04-14

2015-04-17

VU#274244

3.9

Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure

2015-04-14

2015-04-14

2015-04-14

VU#697316

5.5

SearchBlox contains multiple vulnerabilities

2015-04-13

2015-04-13

2017-09-05

VU#672268

5.7

Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL

2015-04-07

2015-04-07

2015-04-10

VU#374268

4.2

NTP Project ntpd reference implementation contains multiple vulnerabilities

2015-04-02

2015-04-02

2015-04-02

VU#924124

3.6

X-Cart contains multiple vulnerabilities

2015-03-31

2015-03-31

2015-05-15

VU#550620

3.9

Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link

2015-03-27

2008-12-31

2015-04-07

VU#591120

6.4

Multiple SSL certificate authorities use predefined email addresses as proof of domain ownership

2015-03-26

2015-03-26

2015-03-26

VU#930956

6.2

Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem

2015-03-20

2015-03-20

2015-07-08

VU#631788

5.3

BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM

2015-03-20

2011-01-31

2015-09-08

VU#894897

7.3

NSIS Inetc plug-in fails to validate SSL certificates

2015-03-17

2015-03-12

2015-03-17

VU#868948

1.8

HP ArcSight contains multiple vulnerabilities

2015-03-16

2015-03-13

2015-03-16

VU#184100

5.9

D-Link DAP-1320 Rev Ax is vulnerable to a command injection

2015-03-16

2015-03-13

2015-03-16

VU#377348

6.1

D-Link DCS-93xL model family allows unrestricted upload

2015-03-10

2015-03-10

2015-03-13

VU#794095

1.2

Telerik Analytics Monitor Library allows DLL hijacking

2015-03-06

2015-03-06

2015-10-27

VU#243585

6.4

SSL/TLS implementations accept export-grade RSA keys (FREAK attack)

2015-03-03

2015-03-02

2015-03-03

VU#302668

1.3

ShareLaTeX vulnerable to remote command execution and information disclosure

2015-02-27

2015-02-26

2015-03-05

VU#632140

3.9

Multiple Toshiba products are vulnerable to trusted service path privilege escalation

2015-02-23

2015-02-22

2015-02-26

VU#366544

8

Adtrustmedia PrivDog fails to validate SSL certificates

2015-02-19

2015-02-19

2015-03-17

VU#529496

8.6

Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys

2015-02-13

2015-02-04

2015-02-27

VU#695940

2.9

Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-13

2015-02-13

2015-02-13

VU#787252

8.5

Microsoft Windows domain-configured client Group Policy fails to authenticate servers

2015-02-05

2014-02-05

2015-02-10

VU#377644

3.2

Ektron Content Management System (CMS) contains multiple vulnerabilities

2015-02-05

2015-02-05

2015-02-06

VU#669156

1.3

Topline Systems Opportunity Form vulnerable to information disclosure

2015-02-02

2015-02-02

2015-02-02

VU#522460

5.9

SerVision HVG Video Gateway web interface contains multiple vulnerabilities

2015-01-28

2015-01-28

2015-10-22

VU#967332

5.9

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

2015-01-23

2015-01-23

2015-01-23

VU#546340

2.5

QPR Portal contains multiple vulnerabilities

2015-01-23

2015-01-23

2015-01-29

VU#637068

5.8

LabTech contains privilege escalation vulnerability

2015-01-21

2015-01-21

2015-01-21

VU#110652

5

iPass Open Mobile Windows Client contains a remote code execution vulnerability

2015-01-16

2015-01-16

2015-01-21

VU#936356

6.8

Ceragon FiberAir IP-10 Microwave Bridge contains a default root password

2015-01-13

2014-12-11

2015-01-13

VU#117604

1

Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication

2015-01-05

2014-12-28

2015-08-03

VU#976132

5.6

UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script

2015-01-05

2014-12-28

2015-07-23

VU#766164

5.3

Intel BIOS locking mechanism contains race condition that enables write protection bypass

 

20