2015-10-28
2015-10-28 10:59Z
CRIT

CVE-2015-6490 — Rockwellautomation Micrologix_1100_firmware: Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-6490

Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 121CWECWE 119VNDStackVNDRockwellautomationTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2015-10-18
2015-10-18 19:59Z
MED

CVE-2015-6477 — Nordex Nordex_control_2_scada: Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-6477

Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVSSv3.1 6.1 (MEDIUM) · EPSS 97th percentile

CWECWE 79VNDXssVNDNordexTYPVulnerability
6.1
CVSS v3.1
90
Edit Score
2015-10-06
2015-10-06 01:59Z
CRIT

CVE-2015-0987 — Omron Cx-programmer: CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-0987

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. CVSSv3.1 10.0 (CRITICAL) · EPSS 67th percentile

CWECWE 319CWECWE 200VNDOmronTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2015-08-03
2015-08-03 01:59Z
HIGH

CVE-2015-5600 — Openbsd Openssh: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-5600

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this l CVSSv3.1 8.1 (HIGH) · EPSS 99th percentile

CWECWE 400CWECWE 264TYPVulnerability
8.1
CVSS v3.1
100
Edit Score
2015-07-02
2015-07-02 21:59Z
CRIT

CVE-2015-0192 — Ibm Java: Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-0192

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. CVSSv3.1 9.8 (CRITICAL) · EPSS 85th percentile

CWECWE 269VNDIbmVNDUnspecifiedTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2015-05-21
2015-05-21 00:59Z
LOW

CVE-2015-4000 — Openssl Openssl: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. CVSSv3.1 3.7 (LOW) · EPSS 100th percentile

CWECWE 295CWECWE 310VNDCanonicalVNDOpensslTYPVulnerability
3.7
CVSS v3.1
97
Edit Score
2015-04-01
2015-04-01 02:00Z
CRIT

CVE-2015-2808 — Oracle Communications_application_session_controller: The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. CVSSv3.1 10.0 (CRITICAL) · EPSS 97th percentile

CWECWE 327VNDOracleVNDRc4TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2015-03-07
2015-03-07 02:59Z
HIGH

CVE-2015-2177 — Siemens Simatic_s7-300_cpu_firmware: SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-2177

Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. CVSSv3.1 7.5 (HIGH) · EPSS 98th percentile

CWECWE 20VNDSiemensTYPVulnerability
7.5
CVSS v3.1
100
Edit Score
2014-10-15
2014-10-15 00:55Z
LOW

CVE-2014-3566 — Redhat Enterprise_linux: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. CVSSv3.1 3.4 (LOW) · EPSS 100th percentile

CWECWE 310CWECWE 329VNDSslTYPVulnerability
3.4
CVSS v3.1
95
Edit Score
2014-08-12
2014-08-12 21:55Z
HIGH

CVE-2014-2815 — Microsoft Onenote: 2007 SP3 allows remote attackers to execute arbitrary code via a crafted

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-2815

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability." CVSSv3.1 8.8 (HIGH)

VNDMicrosoftTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2014-06-18
2014-06-18 19:55Z
CRIT

CVE-2013-5017 — Symantec Web_gateway: SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2013-5017

SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

VNDSymantecVNDSnmpconfigTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2014-04-30
2014-04-30 10:49Z
CRIT

CVE-2014-1532 — Mozilla Firefox: Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaVNDFedoraprojectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2014-04-30
2014-04-30 10:49Z
HIGH

CVE-2014-1531 — Mozilla Firefox: Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDMozillaVNDCanonicalTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2014-04-30
2014-04-30 10:49Z
HIGH

CVE-2014-1529 — Mozilla Firefox: The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. CVSSv3.1 8.8 (HIGH)

CWECWE 269VNDMozillaVNDCanonicalTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2014-04-30
2014-04-30 10:49Z
CRIT

CVE-2014-1524 — Mozilla Firefox: The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. CVSSv3.1 9.8 (CRITICAL)

CWECWE 120VNDMozillaVNDCanonicalTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2014-04-30
2014-04-30 10:49Z
HIGH

CVE-2014-1518 — Mozilla Firefox: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1518

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVSSv3.1 8.8 (HIGH)

VNDMozillaVNDFedoraprojectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2014-03-19
2014-03-19 10:55Z
CRIT

CVE-2014-1514 — Mozilla Firefox: vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1514

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2014-03-19
2014-03-19 10:55Z
HIGH

CVE-2014-1513 — Mozilla Firefox: TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDMozillaVNDTypedarrayobjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2014-03-19
2014-03-19 10:55Z
CRIT

CVE-2014-1511 — Mozilla Firefox: before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 269VNDMozillaVNDCanonicalTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2014-03-19
2014-03-19 10:55Z
CRIT

CVE-2014-1510 — Mozilla Firefox: The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. CVSSv3.1 9.8 (CRITICAL)

CWECWE 269VNDMozillaVNDCanonicalTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2014-03-19
2014-03-19 10:55Z
HIGH

CVE-2014-1509 — Mozilla Firefox: Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. CVSSv3.1 8.8 (HIGH)

CWECWE 120VNDMozillaVNDBufferTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2014-03-19
2014-03-19 10:55Z
CRIT

CVE-2014-1508 — Mozilla Firefox: The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. CVSSv3.1 9.1 (CRITICAL)

CWECWE 125VNDMozillaVNDPolygonTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2014-03-19
2014-03-19 10:55Z
HIGH

CVE-2014-1497 — Mozilla Firefox: The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1497

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. CVSSv3.1 8.8 (HIGH)

CWECWE 125VNDMozillaVNDWavereaderTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2014-03-19
2014-03-19 10:55Z
CRIT

CVE-2014-1493 — Mozilla Firefox: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-1493

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDMozillaVNDCanonicalTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2014-03-14
2014-03-14 15:55Z
CRIT

CVE-2014-2323 — Lighttpd Lighttpd: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2014-2323

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDLighttpdTYPVulnerability
9.8
CVSS v3.1
99
Edit Score