Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-04-10 | CVE-2016-5057 | 7PK - Security Features vulnerability in Osram Lightify PRO | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. | network | low complexity | osram | CWE-254 | 7.5 |
| 2017-04-10 | CVE-2016-5056 | Inadequate Encryption Strength vulnerability in Osram Lightify PRO | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. | network | low complexity | osram | CWE-326 | 7.5 |
| 2017-04-10 | CVE-2016-5054 | Improper Access Control vulnerability in Osram Lightify Home 1.6.1 | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. | network | low complexity | osram | CWE-284 | 7.5 |
| 2017-04-10 | CVE-2016-5052 | 7PK - Security Features vulnerability in Osram Lightify Home 1.6.1 | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. | network | low complexity | osram | CWE-254 | 7.5 |
| 2017-04-10 | CVE-2016-5051 | Information Exposure vulnerability in Osram Lightify Home 1.6.1 | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. | network | low complexity | osram | CWE-200 | 7.5 |
| 2017-04-10 | CVE-2016-4319 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira | Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | network | low complexity | atlassian | CWE-352 | 8.8 |
| 2017-04-10 | CVE-2016-1516 | Double Free vulnerability in multiple products | OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | network | low complexity | opencv, debian | CWE-415 | 8.8 |
| 2017-04-10 | CVE-2015-8258 | Injection vulnerability in Axis Communications Firmware 5.80.3 | AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | network | low complexity | axis | CWE-74 | 7.5 |
| 2017-04-10 | CVE-2015-8255 | Cross-Site Request Forgery (CSRF) vulnerability in Axis Communications Firmware | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | network | low complexity | axis | CWE-352 | 8.8 |
| 2017-04-10 | CVE-2015-7274 | Permissions, Privileges, and Access Controls vulnerability in Dell Integrated Remote Access Controller Firmware 1.99 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | network | low complexity | dell | CWE-264 | 8.8 |