Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2015-11-27 | CVE-2015-8214 | Permissions, Privileges, and Access Controls vulnerability in Siemens products | Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102. | network | low complexity | siemens | CWE-264 | critical | 9.7 |
| 2015-11-25 | CVE-2015-8103 | Deserialization of Untrusted Data vulnerability in multiple products | The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". | network | low complexity | redhat, jenkins | CWE-502 | critical | 9.8 |
| 2015-11-24 | CVE-2015-5053 | Improper Access Control vulnerability in Nvidia GPU Driver | The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call. | network | low complexity | nvidia | CWE-284 | critical | 10.0 |
| 2015-11-21 | CVE-2015-7912 | Unspecified vulnerability in Tibbo Aggregate 5.21.02 | The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document. | network | low complexity | tibbo | | critical | 10.0 |
| 2015-11-21 | CVE-2015-7289 | Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP. | network | | arris | CWE-255 | critical | 9.3 |
| 2015-11-19 | CVE-2015-8236 | Permissions, Privileges, and Access Controls vulnerability in Arista EOS | Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. | network | low complexity | arista | CWE-264 | critical | 10.0 |
| 2015-11-18 | CVE-2015-8051 | Security vulnerability in Adobe Premiere Clip | The Adobe Premiere Clip app before 1.2.1 for iOS mishandles unspecified input, which has unknown impact and attack vectors. | network | low complexity | adobe | | critical | 10.0 |
| 2015-11-18 | CVE-2015-4852 | Deserialization of Untrusted Data vulnerability in Oracle products | The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. | network | low complexity | oracle | CWE-502 | critical | 9.8 |
| 2015-11-17 | CVE-2015-8221 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Picasa | Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow. | network | low complexity | google | CWE-119 | critical | 10.0 |
| 2015-11-17 | CVE-2015-7805 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. | network | | opensuse, mega-nerd | CWE-119 | critical | 9.3 |