Alert News


Update 11.02.2019 20:03:31

Published

Public 

Updated 

VU#

CVSS 

Title

2019-02-05

2018-11-21

2019-02-05

VU#730261

4.6

Marvell Avastar wireless SoCs have multiple vulnerabilities

2019-01-28

2019-01-21

2019-01-28

VU#465632

7.5

Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks

2019-01-04

2018-11-12

2019-01-04

VU#531281

9.7

Microsoft Windows DNS servers are vulnerable to heap overflow

2019-01-04

2018-11-12

2019-01-04

VU#289907

5.0

Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition

2018-12-20

2018-12-19

2018-12-20

VU#228297

4.3

Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition

2018-12-20

2018-12-21

2018-12-20

VU#741315

4.7

A Dokan file driver contains a stack-based buffer overflow

2018-12-19

2018-12-19

2018-12-20

VU#573168

6.2

Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability

2018-12-13

2018-12-12

2018-12-13

VU#756913

3.3

Pixars Tractor contains a stored cross-site scripting vulnerability

2018-11-06

2018-11-05

2018-11-07

VU#395981

3.7

Self-Encrypting Drives Have Multiple Vulnerabilities

2018-11-01

2018-11-01

2018-11-07

VU#317277

4.6

Texas Instruments Microcontrollers CC2640 and CC2650 are vulnerable to heap overflow

2018-11-01

2018-10-31

2018-11-05

VU#339704

5.5

Cisco ASA and FTD SIP Inspection denial-of-service vulnerability

2018-10-06

2018-10-06

2018-10-16

VU#176301

0

Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App

2018-09-26

2018-09-18

2018-11-08

VU#581311

5.9

TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

2018-09-05

2018-09-05

2018-10-23

VU#598349

0

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

2018-08-28

2018-08-27

2018-09-13

VU#906424

6.4

Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface

2018-08-21

2018-02-21

2018-10-01

VU#332928

6.8

Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities

2018-08-15

2018-04-14

2018-09-10

VU#982149

5.6

Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

2018-08-14

2018-08-10

2018-09-14

VU#787952

6.0

Android and iOS apps contain multiple vulnerabilities

2018-08-14

2018-08-14

2018-08-17

VU#857035

7.9

IKEv1 Main Mode vulnerable to brute force attacks

2018-08-14

2018-08-14

2018-10-12

VU#641765

6.6

Linux kernel IP fragment re-assembly vulnerable to denial of service

2018-08-06

2018-07-23

2018-09-14

VU#962459

6.4

TCP implementations vulnerable to Denial of Service

2018-08-03

2013-06-09

2018-08-03

VU#307144

0

mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

2018-07-23

2018-07-23

2018-08-17

VU#304725

5.7

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

2018-05-23

2018-05-22

2018-06-13

VU#338343

3.9

strongSwan VPN charon server vulnerable to buffer underflow

2018-05-21

2018-05-21

2018-06-19

VU#180049

3.4

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

2018-05-14

2018-05-14

2018-05-15

VU#122919

0

OpenPGP and S/MIME mail client vulnerabilities

2018-05-08

2018-05-08

2018-06-06

VU#631579

5.3

Hardware debug exception documentation may result in unexpected behavior

2018-05-03

2018-05-03

2018-05-03

VU#283803

2.7

Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")

2018-04-10

2018-04-10

2018-04-10

VU#974272

4.1

Microsoft Outlook retrieves remote OLE content without prompting

2018-03-29

2018-03-27

2018-04-24

VU#277400

5.9

Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed

2018-03-27

2018-02-07

2018-03-27

VU#184077

8.7

Navarino Infinity web interface is affected by multiple vulnerabilities.

2018-03-19

2012-03-20

2018-04-04

VU#306792

1.7

Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

2018-02-27

2018-02-27

2018-06-05

VU#475445

4.9

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

2018-02-15

2018-02-15

2018-02-19

VU#940439

7.3

Quagga bgpd is affected by multiple vulnerabilities

2018-02-01

2018-02-01

2018-02-01

VU#319904

3

Pulse Secure Linux client GUI fails to validate SSL certificates

2018-01-04

2018-01-03

2018-07-03

VU#584653

5.1

CPU hardware vulnerable to side-channel attacks

2017-12-12

2017-12-12

2018-04-09

VU#144389

4.2

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding

2017-11-29

2017-11-13

2017-11-30

VU#113765

4.6

Apple MacOS High Sierra disabled account authentication bypass

2017-11-21

2017-11-21

2017-11-21

VU#681983

1.3

Install Norton Security for Mac does not verify SSL certificates

2017-11-17

2017-11-16

2017-11-20

VU#817544

0

Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard

2017-11-15

2017-11-14

2017-11-20

VU#421280

5.5

Microsoft Office Equation Editor stack buffer overflow

2017-11-03

2017-11-01

2017-11-09

VU#739007

6.2

IEEE P1735 implementations may have weak cryptographic protections

2017-11-02

2017-10-03

2017-11-06

VU#446847

5.2

Savitech USB audio drivers install a new root CA certificate

2017-10-16

2017-10-16

2017-11-08

VU#307015

6.9

Infineon RSA library does not properly generate RSA key pairs

2017-10-16

2017-10-16

2017-11-16

VU#228519

5.7

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

2017-10-12

2017-10-12

2018-01-22

VU#590639

5.5

NXP Semiconductors MQX RTOS contains multiple vulnerabilities

2017-10-02

2017-10-02

2018-02-02

VU#973527

8.7

Dnsmasq contains multiple vulnerabilities

2017-09-13

2017-09-12

2017-09-16

VU#101048

6.5

Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability

2017-09-12

2017-09-12

2017-11-08

VU#240311

6.2

Multiple Bluetooth implementation vulnerabilities affect many devices

2017-09-08

2017-09-08

2017-10-12

VU#166743

3.8

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

2017-09-06

2017-09-05

2017-09-06

VU#112992

8.3

Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

2017-08-29

2017-08-28

2017-08-31

VU#403768

1.3

Akeo Consulting Rufus fails to update itself securely

2017-08-03

2017-06-13

2017-08-09

VU#824672

 

Microsoft Windows automatically executes code specified in shortcut files

2017-07-27

2017-07-27

2017-10-18

VU#793496

3.6

Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency

2017-07-25

2017-06-26

2017-07-25

VU#838200

5.6

Telerik Web UI contains cryptographic weakness

2017-07-20

2017-07-20

2017-10-30

VU#586501

0

Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account

2017-07-18

2017-07-18

2017-07-26

VU#547255

5.9

Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow

2017-06-19

2017-06-19

2017-06-28

VU#489392

5.6

Acronis True Image fails to update itself securely

2017-06-15

2017-06-15

2017-06-15

VU#846320

4.9

Samsung Magician fails to update itself securely

2017-06-13

2017-06-13

2017-06-29

VU#768399

5.3

HPE SiteScope contains multiple vulnerabilities

2017-06-08

2017-06-08

2017-06-14

VU#251927

6.7

CalAmp LMU-3030 devices may not authenticate SMS interface

2017-06-07

2017-06-07

2017-07-24

VU#350135

6.7

Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin

2017-05-04

2017-05-04

2017-05-04

VU#556600

4.5

Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates

2017-05-04

2017-05-04

2017-05-10

VU#276408

4.5

Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates

2017-05-02

2017-05-01

2017-12-21

VU#491375

5.5

Intel Active Management Technology (AMT) does not properly enforce access control

2017-04-25

2017-04-24

2017-04-25

VU#219739

1.5

Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation

2017-04-17

2017-04-14

2017-04-27

VU#676632

6.4

IBM Lotus Domino server mailbox name stack buffer overflow

2017-04-11

2017-04-11

2017-04-24

VU#334207

 

DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP

2017-04-10

2017-04-07

2017-04-13

VU#921560

6.8

Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

2017-04-04

2017-04-04

2017-04-14

VU#307983

6.3

Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references

2017-03-31

2017-03-31

2017-03-31

VU#507496

7.1

GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed

2017-03-28

2017-03-28

2017-04-13

VU#342303

5.3

Pandora iOS app does not properly validate SSL certificates

2017-03-21

2017-03-15

2017-04-21

VU#600671

4.2

PCAUSA Rawether for Windows local privilege escalation

2017-03-16

2017-03-15

2017-03-16

VU#214283

2

Commvault Edge contains a buffer overflow vulnerability

2017-03-15

2017-03-15

2017-03-24

VU#553503

6.7

D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials

2017-03-14

2017-03-06

2017-03-14

VU#834067

8.7

Apache Struts 2 is vulnerable to remote code execution

2017-03-08

2017-03-08

2017-03-08

VU#305448

4.9

D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability

2017-03-08

2017-03-08

2017-03-13

VU#247016

4.5

Flash Seats Mobile App for Android and iOS fails to validate SSL certificates

2017-03-07

2017-03-07

2017-03-07

VU#355151

6.4

ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities

2017-03-07

2016-12-17

2017-03-07

VU#608591

5.8

PHP FormMail Generator generates code vulnerable to multiple issues

2017-03-06

2017-03-06

2017-03-07

VU#168699

4.6

dotCMS contains multiple vulnerabilities

2017-02-28

2017-02-28

2017-02-28

VU#742632

5.3

Sage XRT Treasury database fails to properly restrict access to authorized users

2017-02-15

2017-02-15

2018-02-27

VU#614751

4.7

Hughes satellite modems contain multiple vulnerabilities

2017-02-08

2017-01-31

2017-02-08

VU#745607

2.5

Accellion FTP server contains information exposure and cross-site scripting vulnerabilities

2017-02-02

2017-02-01

2017-03-17

VU#867968

7

Microsoft Windows SMB Tree Connect Response denial of service vulnerability

2017-01-31

2017-01-31

2017-04-07

VU#167623

6

SHDesigns Resident Download Manager does not authenticate firmware downloads

2017-01-27

2017-01-23

2017-01-27

VU#909240

6.8

Cisco WebEx web browser extension allows arbitrary code execution

2017-01-13

2017-01-13

2017-01-13

VU#865216

4

CodeLathe FileCloud is vulnerable to cross-site request forgery

2017-01-10

2017-01-10

2017-01-11

VU#767208

3.9

ThreatMetrix SDK for iOS fails to validate SSL certificates

2017-01-03

2017-01-03

2017-02-08

VU#475907

1.8

ShoreTel Mobility Client mobile application does not verify SSL certificates

2016-12-13

2016-12-12

2016-12-19

VU#535111

4.6

McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerability

2016-12-13

2016-12-13

2016-12-14

VU#779243

4.5

EpubCheck 4.0.1 contains a XML external entity processing vulnerability

2016-12-12

2016-12-09

2016-12-13

VU#245327

5.5

McAfee VirusScan for Linux contains multiple vulnerabilities

2016-12-09

2016-12-07

2017-01-03

VU#582384

7

Multiple Netgear routers are vulnerable to arbitrary command injection

2016-12-08

2016-12-05

2016-12-08

VU#494015

7.5

PHP FormMail Generator generates code with multiple vulnerabilities

2016-12-07

2016-12-07

2016-12-07

VU#768331

4.4

ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation

2016-12-06

2016-12-06

2016-12-08

VU#548487

1.7

BSD libc contains a buffer overflow vulnerability in link_ntoa()

2016-12-06

2016-12-06

2016-12-12

VU#846103

6

Sungard eTRAKiT3 may be vulnerable to SQL injection

2016-11-30

2016-11-29

2016-12-02

VU#791496

6.5

Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability

2016-11-21

2016-11-21

2017-11-20

VU#633847

6.1

NTP.org ntpd contains multiple denial of service vulnerabilities

2016-11-17

2016-11-11

2016-11-17

VU#624539

6.3

Ragentek Android OTA update mechanism vulnerable to MITM attack

2016-11-16

2016-11-15

2016-11-16

VU#346175

5.3

Imagely NextGen Gallery plugin for Wordpress contains a local file inclusion vulnerability

2016-11-07

2016-11-07

2017-03-08

VU#677427

6

D-Link routers HNAP service contains stack-based buffer overflow

2016-10-25

2016-10-25

2016-10-25

VU#974055

1.4

iTrack Easy contains multiple vulnerabilities

2016-10-25

2016-10-25

2016-10-25

VU#402847

1.7

Zizai Tech Nut contains multiple vulnerabilities

2016-10-25

2016-10-25

2016-10-27

VU#617567

1.4

TrackR Bravo contains multiple vulnerabilities

2016-10-21

2016-10-20

2016-11-17

VU#243144

5.6

Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability

2016-10-20

2016-10-20

2016-10-20

VU#404187

4.7

Synology NAS servers contain insecure default credentials

2016-10-20

2016-10-20

2016-10-20

VU#970379

4.7

Green Packet DX-350 contains insecure default credentials

2016-10-20

2016-10-20

2016-10-20

VU#200907

3

Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials

2016-10-20

2016-10-20

2016-12-13

VU#326395

4.7

Nuuo NT-4040 firmware contains insecure default credentials

2016-10-17

2016-10-17

2016-10-28

VU#763843

6

ASUS RP-AC52 contains multiple vulnerabilities

2016-10-11

2016-10-10

2016-10-14

VU#396440

5.9

MatrixSSL contains multiple vulnerabilities

2016-10-04

2016-10-04

2016-10-11

VU#884840

6.5

Animas OneTouch Ping insulin pump contains multiple vulnerabilities

2016-09-30

2016-09-30

2016-10-10

VU#338624

1.8

U by BB&T iOS banking application fails to properly validate SSL certificates

2016-09-28

2016-09-28

2016-09-28

VU#706359

5.7

Aternity version 9 vulnerable to cross-site scripting and remote code execution

2016-09-13

2016-09-13

2016-09-22

VU#667480

2.3

AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities

2016-09-07

2016-09-06

2016-09-07

VU#282991

6.4

DEXIS Imaging Suite 10 contains hard-coded credentials

2016-09-06

2016-09-06

2016-09-07

VU#548399

7.1

Dentsply Sirona CDR DICOM contains multiple hard-coded credentials

2016-09-06

2016-09-06

2016-09-13

VU#619767

1.9

Open Dental uses blank database password by default

2016-09-06

2016-09-06

2016-09-09

VU#724487

6

Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities

2016-08-26

2016-08-23

2016-08-26

VU#305607

5.3

Accellion Kiteworks contains multiple vulnerabilities

2016-08-16

2016-08-16

2016-08-16

VU#294272

4.8

ReadyDesk contains multiple vulnerabilities

2016-08-15

2016-08-15

2018-04-04

VU#905344

3.4

HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected

2016-08-12

2016-08-11

2016-08-26

VU#301735

2.1

Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials

2016-08-11

2016-08-11

2016-08-12

VU#332115

6.3

D-Link routers contain buffer overflow vulnerability

2016-08-08

2016-08-06

2016-08-08

VU#735416

1

UltraVNC repeater does not restrict IP addresses or ports by default

2016-08-04

2016-08-04

2017-07-11

VU#877625

1.7

Proxy auto-config (PAC) files have access to full HTTPS URLs

2016-08-04

2016-08-04

2016-08-05

VU#856152

7

NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities

2016-08-01

2016-08-01

2016-08-02

VU#603047

6.2

Crestron AirMedia AM-100 contains multiple vulnerabilities

2016-08-01

2016-08-01

2016-08-01

VU#974424

6.2

Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities

2016-07-29

2016-07-29

2016-07-29

VU#217871

3.4

Intel CrossWalk project does not validate SSL certificates after first acceptance

2016-07-19

2016-07-19

2016-08-08

VU#682704

2.2

Misys FusionCapital Opics Plus contains multiple vulnerabilities

2016-07-19

2016-07-18

2016-08-26

VU#790839

5.4

Objective Systems ASN1C generates code that contains a heap overflow vulnerability

2016-07-18

2016-07-18

2016-07-19

VU#797896

1.1

CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

2016-07-13

2016-07-13

2016-07-13

VU#665280

3.5

Accela Civic Platform Citizen Access portal contains multiple vulnerabilities

2016-07-12

2016-07-12

2016-07-12

VU#123799

4.4

libbpg contains a type confusion vulnerability that leads to out of bounds write

2016-07-05

2016-07-05

2016-07-05

VU#690343

3.4

Acer Portal app for Android does not properly validate SSL certificates

2016-06-23

2016-06-23

2016-06-23

VU#302544

3

Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files

2016-06-20

2016-06-20

2016-06-20

VU#143335

4

mDNSResponder contains multiple memory-based vulnerabilities

2016-06-15

2016-06-14

2016-06-16

VU#748992

7.1

Adobe Flash memory corruption vulnerability

2016-06-10

2016-06-10

2016-07-01

VU#778696

5.6

Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass

2016-06-02

2016-06-02

2016-06-06

VU#321640

6.4

NTP.org ntpd is vulnerable to denial of service and other vulnerabilities

2016-06-01

2016-06-01

2016-12-21

VU#754056

5.8

Fonality contains a hard-coded password and embedded SSL private key

2016-05-26

2016-05-26

2016-05-26

VU#482135

2

MEDHOST Perioperative Information Management System contains hard-coded database credentials

2016-05-19

2016-05-11

2016-06-14

VU#204232

4.6

Up.time agent for Linux does not authenticate a user before allowing read access to the file system

2016-05-17

2016-05-17

2016-05-17

VU#586503

5.9

Chef Manage deserializes cookie data insecurely

2016-05-13

2016-05-13

2016-05-13

VU#785823

4.9

Lantronix xPrintServer contains multiple vulnerabilities

2016-05-04

2016-05-03

2016-05-04

VU#250519

7.3

ImageMagick does not properly validate input before processing images using a delegate

2016-05-04

2013-07-10

2016-05-04

VU#369800

7.4

Little CMS 2 DefaultICCintents double-free vulnerability

2016-05-02

2016-05-01

2016-05-04

VU#862384

4.6

libarchive contains a heap-based buffer overflow due to improper input validation

2016-04-29

2016-04-21

2016-04-29

VU#505560

4.4

Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

2016-04-27

2016-04-26

2016-04-28

VU#718152

5.3

NTP.org ntpd contains multiple vulnerabilities

2016-04-25

2016-04-29

2016-05-02

VU#229047

4.8

Allround Automations PL/SQL Developer v11 performs updates over HTTP

2016-04-22

2016-04-22

2016-04-22

VU#822980

7.1

SysLINK M2M Modular Gateway contains multiple vulnerabilities

2016-04-22

2016-04-18

2016-04-22

VU#267328

6.3

HP Data Protector does not perform authentication and contains an embedded SSL private key

2016-04-12

2016-04-12

2016-04-14

VU#813296

6.9

Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock")

2016-04-07

2016-04-07

2016-04-20

VU#615456

6.7

Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access

2016-03-30

2016-02-15

2016-03-30

VU#344432

2.4

Patterson Dental Eaglesoft uses a hard-coded database password across installations

2016-03-28

2016-03-28

2016-03-28

VU#732760

1.8

Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability

2016-03-26

2016-03-25

2016-03-26

VU#319816

3.8

npm fails to restrict the actions of malicious npm packages

2016-03-24

2016-03-24

2016-03-24

VU#279472

1.4

Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities

2016-03-17

2016-03-17

2016-04-18

VU#897144

4.4

Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow

2016-03-11

2016-03-10

2016-03-14

VU#713312

2.3

DTE Energy Insight app vulnerable to information exposure

2016-03-10

2016-03-10

2016-03-10

VU#270232

1.5

Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability

2016-03-01

2016-03-01

2016-03-14

VU#583776

6.5

Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack

2016-02-29

2016-02-24

2016-03-04

VU#938151

4.6

Forwarding Loop Attacks in Content Delivery Networks may result in denial of service

2016-02-29

2016-02-25

2017-07-18

VU#419128

6.7

IKE/IKEv2 protocol implementations may allow network amplification attacks

2016-02-25

2016-02-25

2016-02-25

VU#444472

5.6

QNAP Signage Station and iArtist Lite contain multiple vulnerabilities

2016-02-24

2016-02-23

2016-03-01

VU#981271

1.9

Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol

2016-02-22

2016-02-22

2016-04-04

VU#485744

5.9

Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability

2016-02-17

2016-02-17

2016-02-19

VU#899080

6.4

Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials

2016-02-17

2016-02-17

2016-02-17

VU#923388

6.2

Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

2016-02-17

2016-02-16

2016-03-14

VU#457759

8.1

glibc vulnerable to stack buffer overflow in DNS resolver

2016-02-16

2016-02-16

2016-11-09

VU#507216

5.2

Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default

2016-02-11

2016-02-11

2016-02-16

VU#327976

5.9

Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability

2016-02-04

2016-02-04

2016-02-08

VU#305096

1.6

Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium

2016-02-03

2016-02-03

2016-02-04

VU#777024

5.6

Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities

2016-02-02

2016-02-02

2016-02-02

VU#544527

2.1

OpenELEC and RasPlex have a hard-coded SSH root password

2016-02-02

2016-02-02

2016-02-02

VU#719736

4.4

Fisher-Price Smart Toy platform allows some unauthenticated web API commands

2016-02-01

2016-02-01

2016-02-01

VU#972224

1

Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries

2016-01-28

2016-01-28

2016-01-29

VU#257823

6.9

OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol

2016-01-21

2016-01-21

2016-01-27

VU#992624

5.9

Harman AMX multimedia devices contain hard-coded credentials

2016-01-20

2016-01-19

2016-01-20

VU#916896

5.9

Oracle Outside In 8.5.2 contains multiple stack buffer overflows

2016-01-20

2016-01-12

2016-03-10

VU#772447

2.9

ffmpeg and Libav cross-domain information disclosure vulnerability

2016-01-14

2016-01-14

2016-01-20

VU#456088

2.7

OpenSSH Client contains a client information leak vulnerability and buffer overflow

2016-01-12

2016-01-11

2016-01-25

VU#913000

5

Samsung SRN-1670D camera contains multiple vulnerabilities

2016-01-07

2015-12-19

2016-01-07

VU#753264

5.9

IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects

2016-01-05

2016-01-05

2016-01-05

VU#418072

4.2

Comcast XFINITY Home Security fails to properly handle wireless communications disruption

2016-01-04

2015-01-04

2016-01-04

VU#820196

1.8

Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input

2015-12-21

2015-12-17

2015-12-22

VU#640184

6.2

Juniper ScreenOS contains multiple vulnerabilities

2015-12-18

2015-12-18

2015-12-18

VU#757840

1.5

Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users

2015-12-16

2015-12-16

2015-12-27

VU#176160

4.4

IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi

2015-12-10

2015-12-10

2015-12-10

VU#403568

1.1

Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries

2015-12-10

2015-12-10

2016-01-25

VU#646008

1.1

Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries

2015-12-10

2015-12-10

2015-12-10

VU#330000

1.6

ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery

2015-12-10

2015-12-10

2015-12-10

VU#167992

1.6

ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities

2015-12-10

2015-12-10

2015-12-10

VU#763576

1.6

Amped Wireless R10000 router contains multiple vulnerabilities

2015-12-08

2015-12-08

2016-05-16

VU#377260

4.1

Up.time agent for Windows contains multiple vulnerabilities

2015-12-08

2015-12-08

2015-12-08

VU#439016

4.4

TaxiHail Android mobile app contains multiple vulnerabilties

2015-12-04

2015-12-03

2017-03-22

VU#294607

6.7

Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF

2015-12-01

2015-11-30

2015-12-09

VU#630239

4.9

Epiphany Cardio Server is vulnerable to SQL and LDAP injection

2015-11-30

2015-11-30

2015-11-30

VU#792004

5.5

RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol

2015-11-25

2015-11-25

2016-09-06

VU#566724

3.5

Embedded devices use non-unique X.509 certificates and SSH host keys

2015-11-24

2015-11-24

2015-12-01

VU#925497

6.4

Dell System Detect installs root certificate and private key (DSDTestProvider)

2015-11-24

2015-11-23

2015-12-01

VU#870761

6.5

Dell Foundation Services installs root certificate and private key (eDellRoot)

2015-11-23

2015-11-23

2015-11-23

VU#428280

2

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties

2015-11-20

2015-11-20

2015-11-23

VU#419568

6.7

ARRIS cable modems generate passwords deterministically and contain XSS and CSRF vulnerabilities

2015-11-13

2015-01-28

2018-08-27

VU#576313

6.4

Apache Commons Collections Java library insecurely deserializes data

2015-11-06

2015-11-06

2015-11-09

VU#438928

2

Huawei HG532 routers contain a path traversal vulnerability

2015-11-03

2015-11-03

2015-11-04

VU#391604

5.9

ZTE ZXHN H108N R1A routers contain multiple vulnerabilities

2015-11-03

2015-11-03

2015-11-06

VU#866432

2.1

Commvault Edge Server deserializes cookie data insecurely

2015-11-02

2015-10-31

2015-11-02

VU#316888

4.4

MobaXterm server may allow arbitrary command injection due to missing X11 authentication

2015-10-29

2015-10-29

2015-10-29

VU#573848

5.1

Qolsys IQ Panel contains multiple vulnerabilities

2015-10-27

2015-10-19

2015-11-03

VU#350508

4.6

HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password

2015-10-27

2015-10-27

2015-11-19

VU#672500

4.1

EPSON Network Utility installs EpsonBidirectionalService with insecure permissions

2015-10-21

2015-10-21

2015-10-21

VU#840844

4.4

HP Photosmart B210 printer SMB server buffer overflow vulnerability

2015-10-20

2015-07-20

2017-08-14

VU#966927

5.9

HP Client Automation and Radia Client Automation is vulnerable to remote code execution

2015-10-20

2015-07-30

2015-10-21

VU#935424

1

Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability

2015-10-20

2015-10-20

2015-10-20

VU#675052

5

Medicomp MEDCIN Engine contains multiple vulnerabilities

2015-10-19

2015-10-19

2015-10-26

VU#842252

2.3

HP ArcSight Logger contains multiple vulnerabilities

2015-10-16

2015-10-13

2015-10-20

VU#943167

4.7

Voice over LTE implementations contain multiple vulnerabilities

2015-10-13

2015-10-13

2015-10-29

VU#870744

5.3

ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities

2015-10-12

2015-10-12

2015-10-13

VU#751328

3.9

QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X

2015-09-30

2015-09-30

2015-09-30

VU#693036

6.4

Datalex airline booking software allowed authorization bypass for arbitrary users

2015-09-24

2015-08-13

2015-10-28

VU#804060

5.8

Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information

2015-09-21

2015-09-21

2015-09-21

VU#374092

1.7

Web Reference Database (refbase) contains multiple vulnerabilities

2015-09-10

2015-09-10

2015-09-15

VU#906576

4.4

Securifi Almond routers contains multiple vulnerabilities

2015-09-09

2015-07-14

2015-09-10

VU#549807

5.9

Impero Education Pro classroom management software vulnerable to remote code execution

2015-09-03

2015-09-03

2016-05-31

VU#630872

4.6

Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities

2015-09-03

2015-08-31

2015-09-03

VU#845332

3.8

OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities

2015-09-01

2015-09-01

2015-12-08

VU#903500

4.5

Seagate and LaCie wireless storage products contain multiple vulnerabilities

2015-08-31

2015-08-31

2016-09-22

VU#201168

4.6

Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities

2015-08-31

2015-08-31

2016-01-04

VU#361684

3.7

Router devices do not implement sufficient UPnP authentication and security

2015-08-31

2015-08-31

2016-04-17

VU#525276

4.7

Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities

2015-08-25

2015-08-25

2015-08-27

VU#950576

6

DSL routers contain hard-coded "XXXXairocon" credentials

2015-08-20

2015-08-20

2015-08-20

VU#276148

6.4

Dedicated Micros DVR products use plaintext protocols and require no password by default

2015-08-18

2015-08-18

2015-08-18

VU#248692

3

Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

2015-08-17

2015-07-31

2015-08-17

VU#300820

6.4

Cisco Prime Infrastructure contains SUID root binaries

2015-08-11

2015-08-11

2015-08-11

VU#335192

4.9

Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities

2015-08-11

2015-08-11

2015-08-28

VU#209512

7.1

Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities

2015-08-07

2015-08-07

2015-08-10

VU#628568

6.7

Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials

2015-07-31

2015-07-31

2015-07-31

VU#360431

4.8

Chiyu Technology fingerprint access control contains multiple vulnerabilities

2015-07-30

2015-07-30

2015-08-12

VU#577140

7.2

BIOS implementations fail to properly set UEFI write protections after waking from sleep mode

2015-07-28

2015-07-21

2016-01-08

VU#924951

3.5

Android Stagefright contains multiple vulnerabilities

2015-07-24

2015-07-21

2015-09-14

VU#819439

6.2

Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlled

2015-07-24

2015-07-24

2017-03-22

VU#857948

1.8

Honeywell Tuxedo Touch Controller contains multiple vulnerabilities

2015-07-20

2015-07-20

2015-07-20

VU#912036

4.9

N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password

2015-07-20

2015-07-16

2015-07-20

VU#813631

0.9

Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read

2015-07-13

2015-07-13

2015-07-13

VU#919604

2.5

Kaseya Virtual System Administrator contains multiple vulnerabilities

2015-07-12

2015-07-05

2015-07-14

VU#918568

6.7

Adobe Flash ActionScript 3 BitmapData memory corruption vulnerability

2015-07-11

2015-07-05

2015-07-14

VU#338736

7.5

Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability

2015-07-08

2015-07-05

2015-07-14

VU#103336

6.8

Windows Adobe Type Manager privilege escalation vulnerability

2015-07-07

2015-07-07

2015-07-07

VU#253708

3.8

Grandstream GXV3611_HD camera is vulnerable to SQL injection

2015-07-07

2015-07-05

2015-07-11

VU#561288

7.1

Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability

2015-07-06

2015-07-06

2015-07-06

VU#485324

4.6

ANTLabs InnGate gateway device contains SQL injection and reflected cross-site scripting vulnerabilities

2015-06-16

2015-06-16

2015-06-25

VU#155412

4.5

Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates

2015-06-16

2015-06-05

2015-06-16

VU#842780

3.5

Vesta Control Panel is vulnerable to cross-site request forgery

2015-06-16

2015-06-15

2015-06-16

VU#626420

1.3

Pearson ProctorCache contains hard coded credentials

2015-06-15

2014-07-09

2015-06-15

VU#101500

4.6

Retrospect Backup Client uses weak password hashing

2015-06-10

2015-06-08

2015-06-10

VU#555984

4.6

Avigilon Control Center is vulnerable to path traversal

2015-06-09

2015-06-08

2015-06-10

VU#810572

5.5

CUPS print service is vulnerable to privilege escalation and cross-site scripting

2015-06-08

2015-06-08

2015-07-01

VU#595884

2

Aptexx Resident Anywhere exposes sensitive account information

2015-06-08

2015-06-08

2015-06-08

VU#924506

3.4

Toshiba 4690 OS contains an information disclosure vulnerability

2015-06-08

2015-06-08

2015-06-08

VU#301788

4.5

Toshiba CHEC contains a hard-coded cryptographic key

2015-06-04

2015-06-04

2015-06-05

VU#264092

5

McAfee ePolicy Orchestrator fails to properly validate SSL/TLS certificates

2015-05-29

2015-05-29

2015-06-02

VU#498348

4

Blue Coat SSL Visibility Appliance contains multiple vulnerabilities

2015-05-26

2015-05-26

2015-05-27

VU#551972

1.3

Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files

2015-05-19

2015-05-19

2015-06-05

VU#177092

3.7

KCodes NetUSB kernel driver is vulnerable to buffer overflow

2015-05-08

2015-04-27

2015-05-08

VU#110532

5.3

Subrion CMS vulnerable to SQL injection by an authenticated user

2015-05-05

2015-05-05

2015-05-05

VU#978652

1.3

Bomgar Remote Support Portal deserializes untrusted data

2015-05-04

2015-05-04

2015-08-03

VU#602540

3.4

ICU Project ICU4C library contains multiple overflow vulnerabilities

2015-04-30

2015-04-30

2015-04-30

VU#581276

6.3

EMC AutoStart is vulnerable to remote code execution via specially crafted packets

2015-04-28

2015-04-28

2015-04-28

VU#534407

5.2

Barracuda Web Filter insecurely performs SSL inspection

2015-04-20

2015-04-20

2015-05-07

VU#260780

4.9

NetNanny uses a shared private key and root CA

2015-04-17

2015-04-17

2015-04-17

VU#750060

4

Hewlett-Packard Network Automation contains multiple vulnerabilities

2015-04-14

2015-04-14

2015-04-17

VU#274244

3.9

Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure

2015-04-14

2015-04-14

2015-04-14

VU#697316

5.5

SearchBlox contains multiple vulnerabilities

2015-04-13

2015-04-13

2017-09-05

VU#672268

5.7

Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL

2015-04-07

2015-04-07

2015-04-10

VU#374268

4.2

NTP Project ntpd reference implementation contains multiple vulnerabilities

2015-04-02

2015-04-02

2015-04-02

VU#924124

3.6

X-Cart contains multiple vulnerabilities

2015-03-31

2015-03-31

2015-05-15

VU#550620

3.9

Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link

2015-03-27

2008-12-31

2015-04-07

VU#591120

6.4

Multiple SSL certificate authorities use predefined email addresses as proof of domain ownership

2015-03-26

2015-03-26

2015-03-26

VU#930956

6.2

Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem

2015-03-20

2015-03-20

2015-07-08

VU#631788

5.3

BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM

2015-03-20

2011-01-31

2015-09-08

VU#894897

7.3

NSIS Inetc plug-in fails to validate SSL certificates

2015-03-17

2015-03-12

2015-03-17

VU#868948

1.8

HP ArcSight contains multiple vulnerabilities

2015-03-16

2015-03-13

2015-03-16

VU#184100

5.9

D-Link DAP-1320 Rev Ax is vulnerable to a command injection

2015-03-16

2015-03-13

2015-03-16

VU#377348

6.1

D-Link DCS-93xL model family allows unrestricted upload

2015-03-10

2015-03-10

2015-03-13

VU#794095

1.2

Telerik Analytics Monitor Library allows DLL hijacking

2015-03-06

2015-03-06

2015-10-27

VU#243585

6.4

SSL/TLS implementations accept export-grade RSA keys (FREAK attack)

2015-03-03

2015-03-02

2015-03-03

VU#302668

1.3

ShareLaTeX vulnerable to remote command execution and information disclosure

2015-02-27

2015-02-26

2015-03-05

VU#632140

3.9

Multiple Toshiba products are vulnerable to trusted service path privilege escalation

2015-02-23

2015-02-22

2015-02-26

VU#366544

8

Adtrustmedia PrivDog fails to validate SSL certificates

2015-02-19

2015-02-19

2015-03-17

VU#529496

8.6

Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys

2015-02-13

2015-02-04

2015-02-27

VU#695940

2.9

Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-13

2015-02-13

2015-02-13

VU#787252

8.5

Microsoft Windows domain-configured client Group Policy fails to authenticate servers

2015-02-05

2014-02-05

2015-02-10

VU#377644

3.2

Ektron Content Management System (CMS) contains multiple vulnerabilities

2015-02-05

2015-02-05

2015-02-06

VU#669156

1.3

Topline Systems Opportunity Form vulnerable to information disclosure

2015-02-02

2015-02-02

2015-02-02

VU#522460

5.9

SerVision HVG Video Gateway web interface contains multiple vulnerabilities

2015-01-28

2015-01-28

2015-10-22

VU#967332

5.9

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

2015-01-23

2015-01-23

2015-01-23

VU#546340

2.5

QPR Portal contains multiple vulnerabilities

2015-01-23

2015-01-23

2015-01-29

VU#637068

5.8

LabTech contains privilege escalation vulnerability

2015-01-21

2015-01-21

2015-01-21

VU#110652

5

iPass Open Mobile Windows Client contains a remote code execution vulnerability

2015-01-16

2015-01-16

2015-01-21

VU#936356

6.8

Ceragon FiberAir IP-10 Microwave Bridge contains a default root password

2015-01-13

2014-12-11

2015-01-13

VU#117604

1

Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication

2015-01-05

2014-12-28

2015-08-03

VU#976132

5.6

UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script

2015-01-05

2014-12-28

2015-07-23

VU#766164

5.3

Intel BIOS locking mechanism contains race condition that enables write protection bypass

 
