Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-24 | CVE-2016-5722 | Information Exposure vulnerability in Huawei Ocean Stor Firmware Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | 7.3 |
| 2016-06-24 | CVE-2016-4802 | Permissions, Privileges, and Access Controls vulnerability in Haxx Curl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. | 7.8 |
| 2016-06-23 | CVE-2016-1438 | 7PK - Security Features vulnerability in Cisco Asyncos 9.7.0125 Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | 7.5 |
| 2016-06-23 | CVE-2016-1436 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Software The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. | 7.5 |
| 2016-06-23 | CVE-2016-1435 | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | 7.0 |
| 2016-06-23 | CVE-2015-6289 | Resource Management Errors vulnerability in Cisco IOS 15.5(3)M Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | 7.5 |
| 2016-06-20 | CVE-2016-2364 | Unspecified vulnerability in Fonality and HUD web The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 7.5 |
| 2016-06-20 | CVE-2016-2363 | Permissions, Privileges, and Access Controls vulnerability in Fonality 12.6/12.8/14.1I Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. | 7.8 |
| 2016-06-20 | CVE-2015-8289 | Information Exposure vulnerability in Netgear D3600 Firmware and D6000 Firmware The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | 7.5 |
| 2016-06-19 | CVE-2016-4514 | Incorrect Authorization vulnerability in Moxa Pt-7728 and Pt-7728 Firmware Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | 7.7 |