Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-10-28 CVE-2015-3972 7PK - Security Features vulnerability in Janitza products
The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
janitza CWE-254
critical
10.0
2015-10-26 CVE-2015-7699 Improper Input Validation vulnerability in ownCloud
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
network
low complexity
owncloud CWE-20
critical
9.0
2015-10-26 CVE-2015-5014 Improper Input Validation vulnerability in IBM Cognos Disclosure Management
IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.
network
ibm CWE-20
critical
9.3
2015-10-25 CVE-2015-6335 Permissions, Privileges, and Access Controls vulnerability in Cisco FireSIGHT System Software 5.3.1.7/5.4.0.4/6.0.0
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.
network
low complexity
cisco CWE-264
critical
9.0
2015-10-25 CVE-2015-1001 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IniNet Solutions SCADA Web Server
Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.
network
low complexity
ininet-solutions CWE-119
critical
10.0
2015-10-23 CVE-2015-6988 Multiple Security vulnerability in Apple iPhone OS and Mac OS X
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
network
low complexity
apple
critical
10.0
2015-10-23 CVE-2015-6974 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPhone OS, Mac OS X and watchOS
IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2015-10-23 CVE-2015-6986 Multiple Security vulnerability in Apple iOS APPLE-SA-2015-10-21-1
com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion." CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') (http://cwe.mitre.org/data/definitions/843.html)
network
apple
critical
9.3
2015-10-23 CVE-2015-6979 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPhone OS and watchOS
GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2015-10-22 CVE-2015-4915 Remote Security vulnerability in Oracle and SUN Systems Product Suite 3.0/3.1/3.2
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Management.
network
low complexity
oracle
critical
10.0