Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-06 | CVE-2015-6637 | Permissions, Privileges, and Access Controls vulnerability in Google Android The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. | 7.8 |
| 2016-01-05 | CVE-2015-6861 | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account. | 7.5 |
| 2016-01-05 | CVE-2015-6860 | Permissions, Privileges, and Access Controls vulnerability in HP products HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. | 8.4 |
| 2016-01-05 | CVE-2015-6859 | Permissions, Privileges, and Access Controls vulnerability in HP Network Switch Software 15.18.0 HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. | 7.8 |
| 2016-01-05 | CVE-2015-5446 | Unspecified vulnerability in HP Storeonce Backup System Software 3.13.0 HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors. high complexity hp | 7.5 |
| 2016-01-05 | CVE-2015-5445 | Cross-Site Request Forgery (CSRF) vulnerability in HP Storeonce Backup System Software 3.13.0 Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
| 2016-01-05 | CVE-2015-6432 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | 7.5 |
| 2016-01-03 | CVE-2015-5038 | Unspecified vulnerability in IBM Connections IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 7.5 |
| 2016-01-03 | CVE-2015-5003 | Command Injection vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3/6.3.0 The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | 8.5 |
| 2016-01-02 | CVE-2015-8027 | Code vulnerability in Nodejs Node.Js Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. | 7.5 |