Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-12-21 CVE-2015-7908 Information Exposure vulnerability in Honeywell Midas Black Firmware and Midas Firmware
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
network
honeywell CWE-200
critical
9.3
2015-12-21 CVE-2015-7906 Credentials Management vulnerability in Loytec L-Switch and L-Ip Firmware 6.0.1
LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.
network
low complexity
loytec CWE-255
critical
10.0
2015-12-19 CVE-2015-7755 Improper Authentication vulnerability in Juniper Screenos 6.3.0
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
network
low complexity
juniper CWE-287
critical
10.0
2015-12-16 CVE-2015-8358 Path Traversal vulnerability in Bitrix Mpbuilder 1.0.11
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a ..
network
low complexity
bitrix CWE-22
critical
9.0
2015-12-16 CVE-2015-7221 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.
network
low complexity
mozilla fedoraproject opensuse CWE-119
critical
10.0
2015-12-16 CVE-2015-7220 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
opensuse mozilla fedoraproject CWE-119
critical
10.0
2015-12-16 CVE-2015-7203 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.
network
low complexity
mozilla fedoraproject opensuse CWE-119
critical
10.0
2015-12-16 CVE-2015-7202 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla opensuse fedoraproject CWE-119
critical
10.0
2015-12-13 CVE-2015-6389 Improper Authentication vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707.
network
low complexity
cisco CWE-287
critical
9.0
2015-12-11 CVE-2015-7113 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
network
low complexity
apple CWE-119
critical
10.0