Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-12-31 CVE-2015-2918 Improper Input Validation vulnerability in Orientdb 2.0.14/2.1.0
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
network
low complexity
orientdb CWE-20
6.1
2015-12-31 CVE-2015-2913 Information Exposure vulnerability in Orientdb 2.0.14/2.1.0
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
network
high complexity
orientdb CWE-200
5.9
2015-12-31 CVE-2015-2896 Information Exposure vulnerability in Idera Uptime Infrastructure Monitor
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
network
low complexity
idera CWE-200
5.3
2015-12-31 CVE-2015-2894 Use of Externally-Controlled Format String vulnerability in Idera Uptime Infrastructure Monitor 6.0/7.2
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.
network
low complexity
idera CWE-134
5.3
2015-12-30 CVE-2015-8703 Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware and Zxv10 W300 Firmware
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
network
low complexity
zte CWE-200
6.5
2015-12-30 CVE-2015-7794 Improper Input Validation vulnerability in Corega Cg-Wlncm4G Firmware
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.
network
low complexity
corega CWE-20
5.8
2015-12-30 CVE-2015-7793 Code vulnerability in Corega Cg-Wlbaragm Firmware
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.
network
low complexity
corega CWE-17
5.8
2015-12-30 CVE-2015-7790 Cross-site Scripting vulnerability in Asus Wl-330Nul Firmware 3.0.0.41
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
asus CWE-79
6.1
2015-12-30 CVE-2015-7789 Improper Input Validation vulnerability in Asus Wl-330Nul and Wl-33Nul Firmware
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.
low complexity
asus CWE-20
4.3
2015-12-30 CVE-2015-7787 Information Exposure vulnerability in Asus Wl-330Nul Firmware 3.0.0.41
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.
low complexity
asus CWE-200
4.3