Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-04-08 | CVE-2015-2828 | Permissions, Privileges, and Access Controls vulnerability in Broadcom Spectrum 9.2/9.3 | CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | 9.0 |
2015-04-06 | CVE-2015-0134 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino | Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-04-06 | CVE-2015-0117 | Arbitrary Code Execution vulnerability in IBM Domino | The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM. | 10.0 |
2015-04-06 | CVE-2014-6221 | Cryptographic Issues vulnerability in IBM Rational Clearcase | The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 9.4 |
2015-04-05 | CVE-2015-0932 | Permissions, Privileges, and Access Controls vulnerability in Antlabs products | The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | 10.0 |
2015-04-03 | CVE-2014-5405 | Information Exposure vulnerability in Hospira Mednet 5.8 | Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | 9.0 |
2015-03-31 | CVE-2014-2830 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Debian Cifs-Utils 6.3 | Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. | 10.0 |
2015-03-31 | CVE-2014-7876 | Remote Code Execution vulnerability in HP products | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. | 10.0 |
2015-03-31 | CVE-2015-0984 | Path Traversal vulnerability in Honeywell products | Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. | 10.0 |
2015-03-29 | CVE-2015-2786 | Security Bypass vulnerability in MyBB | Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders." | 10.0 |