Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-24 | CVE-2015-7934 | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. | 8.6 |
| 2015-12-24 | CVE-2015-7932 | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. | 8.6 |
| 2015-12-24 | CVE-2015-7931 | Improper Input Validation vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | 8.7 |
| 2015-12-23 | CVE-2015-7928 | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 8.5 |
| 2015-12-23 | CVE-2015-7925 | Cross-Site Request Forgery (CSRF) vulnerability in Ewon Firmware 10.0S0 Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot. | 8.0 |
| 2015-12-23 | CVE-2015-7924 | Unspecified vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 8.8 |
| 2015-12-23 | CVE-2015-7936 | Cross-Site Request Forgery (CSRF) vulnerability in Motorola Moscad IP Gateway Firmware Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password. | 7.5 |
| 2015-12-23 | CVE-2015-7935 | Information Exposure vulnerability in Motorola Moscad IP Gateway Firmware Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2015-12-23 | CVE-2015-7917 | Unspecified vulnerability in Opcsystems OPC Systems.Net 8.00.0023 Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.2 |
| 2015-12-21 | CVE-2015-4545 | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session. | 8.0 |