Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2016-01-08 | CVE-2015-8754 | Permissions, Privileges, and Access Controls vulnerability in Acquia Mollom | The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. | network | low | acquia | CWE-264 | 7.5 |
| 2016-01-08 | CVE-2015-8612 | Permissions, Privileges, and Access Controls vulnerability in Blueman Project Blueman 1.99/2.0 | The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. | local | low | blueman-project | CWE-264 | 8.4 |
| 2016-01-08 | CVE-2015-8597 | Unspecified vulnerability in Bluecoat Advanced Secure Gateway and Proxysg | Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." | network | low | bluecoat | | 7.4 |
| 2016-01-08 | CVE-2015-8547 | Code vulnerability in multiple products | The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. | network | low | quassel-irc opensuse | CWE-17 | 7.5 |
| 2016-01-08 | CVE-2015-7754 | Improper Input Validation vulnerability in Juniper Screenos 6.3.0 | Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | network | high | juniper | CWE-20 | 8.1 |
| 2016-01-08 | CVE-2015-7362 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient | Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program. | local | low | fortinet | CWE-264 | 7.8 |
| 2016-01-08 | CVE-2015-6856 | Permissions, Privileges, and Access Controls vulnerability in Dell Pre-Boot Authentication Driver 1.0.1.5 | Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. | local | low | dell | CWE-264 | 7.8 |
| 2016-01-08 | CVE-2015-5259 | Numeric Errors vulnerability in Apache Subversion 1.9.0/1.9.1/1.9.2 | Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. | network | low | apache | CWE-189 | 8.6 |
| 2016-01-08 | CVE-2016-1131 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in DX Library Project DX Library 3.15E | Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Library before 3.16 allows remote attackers to execute arbitrary code via a crafted string. | local | low | dx-library-project | CWE-119 | 7.8 |
| 2016-01-08 | CVE-2015-6862 | Improper Access Control vulnerability in HP Ucmdb Browser 4.0.1 | HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. | local | low | hp | CWE-284 | 8.4 |