Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-01-11 CVE-2015-8231 Resource Management Errors vulnerability in Huawei Espace 7910 and Espace 7950
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets.
network
low complexity
huawei CWE-399
7.5
2016-01-11 CVE-2015-8230 Resource Management Errors vulnerability in Huawei Espace 8950 V200R003C00Spc200
Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets.
network
low complexity
huawei CWE-399
7.5
2016-01-11 CVE-2015-6566 Link Following vulnerability in multiple products
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
local
low complexity
zarafa fedoraproject CWE-59
8.4
2016-01-11 CVE-2015-6980 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
local
low complexity
apple CWE-264
7.8
2016-01-10 CVE-2015-7465 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service 6.0
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-01-10 CVE-2015-7397 Unspecified vulnerability in IBM Websphere Commerce 7.0
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.
network
low complexity
ibm
7.4
2016-01-08 CVE-2016-1499 Resource Management Errors vulnerability in Owncloud
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.
network
low complexity
owncloud CWE-399
8.5
2016-01-08 CVE-2015-8765 Unspecified vulnerability in Mcafee Epolicy Orchestrator
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
mcafee
8.3
2016-01-08 CVE-2015-4694 Path Traversal vulnerability in ZIP Attachments Project ZIP Attachments 1.5
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a ..
network
low complexity
zip-attachments-project CWE-22
8.6
2016-01-08 CVE-2014-8886 Cryptographic Issues vulnerability in AVM Fritz! OS 6.23
AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.
network
high complexity
avm CWE-310
8.1