Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2016-02-06 | CVE-2015-7914 | 7PK - Security Features vulnerability in Sauter Moduweb Vision 1.5.5 | Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. | network; high complexity; sauter CWE-254; 8.1 |
| 2016-02-05 | CVE-2016-0862 | Information Exposure vulnerability in GE Snmp/Web Adapter Firmware 4.7 | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | network; low complexity; ge CWE-200; 6.5 |
| 2016-02-05 | CVE-2016-0861 | Command Injection vulnerability in GE UPS Snmp web Adapter Firmware | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | network; low complexity; ge CWE-77; 8.8 |
| 2016-02-04 | CVE-2016-1284 | Improper Input Validation vulnerability in ISC Bind 9.9.8 | rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. | network; high complexity; isc CWE-20; 5.9 |
| 2016-02-04 | CVE-2015-8269 | Improper Authentication vulnerability in Fisher-Price Smart TOY Bear | The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number. | network; high complexity; fisher-price CWE-287; 7.5 |
| 2016-02-03 | CVE-2016-1906 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | network; low complexity; kubernetes CWE-264; critical; 9.8 |
| 2016-02-03 | CVE-2016-1905 | Improper Access Control vulnerability in Kubernetes | The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | network; low complexity; kubernetes CWE-284; 7.7 |
| 2016-02-03 | CVE-2016-1505 | Pathname Traversal and Equivalence Errors vulnerability in Radicale 1.0/1.0.1 | The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. | network; low complexity; radicale CWE-21; critical; 10.0 |
| 2016-02-03 | CVE-2015-8748 | Permissions, Privileges, and Access Controls vulnerability in Radicale 1.0/1.0.1 | Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". | network; low complexity; radicale CWE-264; 5.3 |
| 2016-02-03 | CVE-2015-8747 | Improper Input Validation vulnerability in Radicale 1.0/1.0.1 | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. | network; low complexity; radicale CWE-20; critical; 10.0 |