Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-30 | CVE-2015-7251 | Credentials Management vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | 9.8 |
| 2015-12-28 | CVE-2015-8459 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645. | 10.0 |
| 2015-12-27 | CVE-2015-6538 | Unspecified vulnerability in Ephiphanyheathdata Cardio Server 3.3/4.0/4.1 The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. | 9.8 |
| 2015-12-27 | CVE-2015-6537 | SQL Injection vulnerability in Epiphanyhealthdata Cardio Server 3.3 SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | 9.8 |
| 2015-12-24 | CVE-2015-6792 | Unspecified vulnerability in Google Chrome The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. | 9.8 |
| 2015-12-24 | CVE-2015-7930 | Unspecified vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | 10.0 |
| 2015-12-24 | CVE-2015-8267 | Permissions, Privileges, and Access Controls vulnerability in Dovestones AD Self Password Reset 3.0.3.0 The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username. | 10.0 |
| 2015-12-23 | CVE-2015-7926 | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL. | 9.9 |
| 2015-12-23 | CVE-2015-7911 | Credentials Management vulnerability in Saia Burgess Controls products Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | 9.1 |
| 2015-12-21 | CVE-2015-7919 | Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0 SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | 10.0 |