Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-27 | CVE-2015-6538 | Unspecified vulnerability in Ephiphanyheathdata Cardio Server 3.3/4.0/4.1 The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. | 9.8 |
| 2015-12-27 | CVE-2015-6537 | SQL Injection vulnerability in Epiphanyhealthdata Cardio Server 3.3 SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | 9.8 |
| 2015-12-24 | CVE-2015-6792 | Unspecified vulnerability in Google Chrome The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. | 9.8 |
| 2015-12-24 | CVE-2015-7930 | Unspecified vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | 10.0 |
| 2015-12-24 | CVE-2015-8267 | Permissions, Privileges, and Access Controls vulnerability in Dovestones AD Self Password Reset 3.0.3.0 The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username. | 10.0 |
| 2015-12-23 | CVE-2015-7926 | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL. | 9.9 |
| 2015-12-23 | CVE-2015-7911 | Credentials Management vulnerability in Saia Burgess Controls products Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | 9.1 |
| 2015-12-21 | CVE-2015-7919 | Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0 SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | 10.0 |
| 2015-12-06 | CVE-2015-6764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. | 9.8 |
| 2015-12-02 | CVE-2015-8394 | Integer Overflow or Wraparound vulnerability in multiple products PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | 9.8 |