Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-09 CVE-2015-6498 7PK - Security Features vulnerability in Alcatel-Lucent Home Device Manager 4.1.9/4.2.0/4.2.1
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.
network
low complexity
alcatel-lucent CWE-254
7.5
2017-08-09 CVE-2015-3277 Information Exposure vulnerability in MOD NSS Project MOD NSS
The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.
network
low complexity
mod-nss-project CWE-200
7.5
2017-08-09 CVE-2015-2313 Resource Exhaustion vulnerability in Capnproto
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop.
network
low complexity
capnproto CWE-400
7.5
2017-08-09 CVE-2015-2312 Resource Exhaustion vulnerability in Capnproto
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.
network
low complexity
capnproto CWE-400
7.5
2017-08-09 CVE-2015-2291 Improper Input Validation vulnerability in Intel products
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
local
low complexity
intel CWE-20
7.8
2017-08-09 CVE-2015-0785 Information Exposure vulnerability in Novell Zenworks Configuration Management
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
network
low complexity
novell CWE-200
7.5
2017-08-09 CVE-2015-0784 Information Exposure vulnerability in Novell Zenworks Configuration Management
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
network
low complexity
novell CWE-200
7.5
2017-08-09 CVE-2017-9370 Improper Authentication vulnerability in Blackberry Workspaces
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.
network
low complexity
blackberry CWE-287
8.8
2017-08-09 CVE-2015-7764 Insufficient Entropy vulnerability in Netflix Lemur 0.1.4
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.
network
low complexity
netflix CWE-331
7.5
2017-08-09 CVE-2015-4165 Permissions, Privileges, and Access Controls vulnerability in Elasticsearch 1.5.2
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
network
high complexity
elasticsearch CWE-264
7.5