Vulnerabilities > SUN > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-01 CVE-2021-43358 Unspecified vulnerability in SUN Ehrd 8/9
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
network
low complexity
sun
7.5
2020-03-27 CVE-2020-10508 Unspecified vulnerability in SUN Ehrd 8/9
Sunnet eHRD, a human training and development management system, improperly stores system files.
network
low complexity
sun
7.5
2016-04-06 CVE-2016-1290 Permissions, Privileges, and Access Controls vulnerability in multiple products
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
network
low complexity
cisco sun CWE-264
8.1
2016-04-06 CVE-2015-6313 Resource Management Errors vulnerability in multiple products
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
network
low complexity
sun zyxel zzinc CWE-399
7.5
2016-03-26 CVE-2016-1350 Resource Management Errors vulnerability in multiple products
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
network
low complexity
cisco samsung sun zyxel lenovo zzinc CWE-399
7.5
2016-03-26 CVE-2016-1349 Resource Management Errors vulnerability in multiple products
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
network
low complexity
cisco samsung sun intel zyxel netgear zzinc CWE-399
7.5
2016-03-26 CVE-2016-1348 Resource Management Errors vulnerability in multiple products
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
network
low complexity
cisco samsung sun zyxel netgear zzinc CWE-399
7.5
2016-03-03 CVE-2015-0718 Resource Management Errors vulnerability in multiple products
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
network
low complexity
cisco samsung sun zyxel netgear zzinc CWE-399
7.5
2016-02-07 CVE-2016-1302 Improper Access Control vulnerability in multiple products
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
network
low complexity
samsung sun zyxel zzinc cisco CWE-284
8.8
2004-11-23 CVE-2004-0079 NULL Pointer Dereference vulnerability in multiple products
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
7.5