Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.