Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-29 | CVE-2014-5428 | Unspecified vulnerability in Johnsoncontrols Metsys 4.1/6.5 Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script. | 10.0 |
2015-03-27 | CVE-2015-2767 | Security vulnerability in Websense TRITON AP-EMAIL Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled." | 10.0 |
2015-03-27 | CVE-2015-2763 | Security vulnerability in Websense TRITON AP-EMAIL Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703. | 10.0 |
2015-03-26 | CVE-2015-0635 | Improper Input Validation vulnerability in Cisco IOS and IOS XE The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191. | 9.0 |
2015-03-24 | CVE-2015-2284 | Permissions, Privileges, and Access Controls vulnerability in Solarwinds Firewall Security Manager 6.6.5 userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling. | 10.0 |
2015-03-24 | CVE-2015-0198 | Improper Authentication vulnerability in IBM General Parallel File System 3.4/3.5/4.1 IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors. | 10.0 |
2015-03-14 | CVE-2015-0980 | Improper Input Validation vulnerability in Scadaengine Bacnet OPC Server Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request. | 9.0 |
2015-03-14 | CVE-2015-0979 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Scadaengine Bacnet OPC Server Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet. | 9.0 |
2015-03-14 | CVE-2014-7885 | Unspecified vulnerability in Microfocus Arcsight Enterprise Security Manager Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. | 10.0 |
2015-03-14 | CVE-2014-7884 | Multiple Remote Security vulnerability in HP Arcsight Logger 6.0 Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors. | 9.0 |