Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-28 | CVE-2015-6850 | Permissions, Privileges, and Access Controls vulnerability in EMC Vplex Geosynchrony 5.4/5.5 EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | 8.4 |
| 2015-12-28 | CVE-2015-8543 | Unspecified vulnerability in Linux Kernel The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. | 7.0 |
| 2015-12-27 | CVE-2015-8263 | Unspecified vulnerability in Netgear Wnr1000V3 and Wnr1000V3 Firmware NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. | 8.6 |
| 2015-12-24 | CVE-2015-8664 | Numeric Errors vulnerability in Google Chrome Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792. | 8.8 |
| 2015-12-24 | CVE-2015-8663 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg 2.8.3 The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. | 8.3 |
| 2015-12-24 | CVE-2015-8662 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | 7.3 |
| 2015-12-24 | CVE-2015-8661 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. | 8.3 |
| 2015-12-24 | CVE-2015-7934 | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. | 8.6 |
| 2015-12-24 | CVE-2015-7932 | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. | 8.6 |
| 2015-12-24 | CVE-2015-7931 | Improper Input Validation vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | 8.7 |