Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-03 | CVE-2015-6612 | Permissions, Privileges, and Access Controls vulnerability in Google Android libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. | 9.3 |
2015-11-03 | CVE-2015-6610 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. | 10.0 |
2015-11-03 | CVE-2015-6609 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. | 10.0 |
2015-11-03 | CVE-2015-6608 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. | 10.0 |
2015-10-31 | CVE-2015-6033 | Cryptographic Issues vulnerability in Qolsys IQ Panel Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update. | 9.3 |
2015-10-31 | CVE-2015-6032 | Credentials Management vulnerability in Qolsys IQ Panel Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation. | 9.3 |
2015-10-28 | CVE-2015-7649 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2015-10-28 | CVE-2015-6490 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-10-28 | CVE-2015-3972 | 7PK - Security Features vulnerability in Janitza products The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack. | 10.0 |
2015-10-26 | CVE-2015-7699 | Improper Input Validation vulnerability in Owncloud The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." | 9.0 |