Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-24 | CVE-2015-8661 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. | 8.3 |
| 2015-12-24 | CVE-2015-7934 | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. | 8.6 |
| 2015-12-24 | CVE-2015-7932 | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. | 8.6 |
| 2015-12-24 | CVE-2015-7931 | Improper Input Validation vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | 8.7 |
| 2015-12-24 | CVE-2015-7930 | Unspecified vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | 10.0 |
| 2015-12-24 | CVE-2015-8267 | Permissions, Privileges, and Access Controls vulnerability in Dovestones AD Self Password Reset 3.0.3.0 The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username. | 10.0 |
| 2015-12-23 | CVE-2015-7929 | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | 4.3 |
| 2015-12-23 | CVE-2015-7928 | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 8.5 |
| 2015-12-23 | CVE-2015-7927 | Cross-site Scripting vulnerability in Ewon Firmware 10.0S0 Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2015-12-23 | CVE-2015-7926 | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL. | 9.9 |