Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-21 | CVE-2015-4545 | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session. | 8.0 |
| 2015-12-21 | CVE-2015-7907 | Path Traversal vulnerability in Honeywell Midas Black Firmware and Midas Firmware Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | 8.6 |
| 2015-12-21 | CVE-2015-6481 | Unspecified vulnerability in Moxa Oncell Central Manager 2.0 The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session. | 8.3 |
| 2015-12-21 | CVE-2015-6480 | Improper Authentication vulnerability in Moxa Oncell Central Manager 2.0 The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | 8.3 |
| 2015-12-21 | CVE-2015-1836 | Improper Access Control vulnerability in multiple products Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic. | 7.3 |
| 2015-12-21 | CVE-2015-1772 | Improper Authentication vulnerability in multiple products The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request. | 7.3 |
| 2015-12-21 | CVE-2015-6934 | Improper Input Validation vulnerability in VMWare Vcenter Orchestrator and Vrealize Orchestrator Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 7.3 |
| 2015-12-11 | CVE-2015-7068 | NULL Pointer Dereference vulnerability in Apple products IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. | 7.8 |
| 2015-12-09 | CVE-2015-6175 | Unspecified vulnerability in Microsoft Windows 10 1507 The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability." | 7.8 |
| 2015-12-07 | CVE-2015-3276 | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | 7.5 |