Latest CVE Feed
-
4.3
MEDIUMCVE-2015-2850
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg para... Read more
Affected Products : inngate_ig_3.01_e inngate_ig_3.10_e inngate_ig_3100 inngate_ig_3.10_m inngate_sg_4 inngate_ssg_4- EPSS Score: %0.50
- Published: Jul. 07, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-2849
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli paramet... Read more
Affected Products : inngate_ig_3.01_e inngate_ig_3.10_e inngate_ig_3100 inngate_ig_3.10_m inngate_sg_4 inngate_ssg_4- EPSS Score: %0.31
- Published: Jul. 07, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-3216
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a den... Read more
- EPSS Score: %1.17
- Published: Jul. 07, 2015
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-3958
Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets.... Read more
- EPSS Score: %3.14
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
4.6
MEDIUMCVE-2015-3957
Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors.... Read more
- EPSS Score: %0.06
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-3955
Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors.... Read more
- EPSS Score: %16.51
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-1011
Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.... Read more
- EPSS Score: %1.18
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2014-5406
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via pac... Read more
- EPSS Score: %0.61
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-3281
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous... Read more
- EPSS Score: %0.09
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2014-9740
Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are no... Read more
Affected Products : rules_link- EPSS Score: %0.21
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2014-9739
Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.... Read more
Affected Products : node_field- EPSS Score: %0.16
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2014-9738
Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, ... Read more
Affected Products : tournament- EPSS Score: %0.22
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
5.8
MEDIUMCVE-2014-9737
Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block.... Read more
Affected Products : language_switcher_dropdown- EPSS Score: %0.25
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2014-3653
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.... Read more
Affected Products : foreman- EPSS Score: %0.28
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-5371
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.... Read more
Affected Products : storage_manager- EPSS Score: %83.03
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-4648
Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method.... Read more
Affected Products : security_api_activex_sdk- EPSS Score: %2.70
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-4647
Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method.... Read more
Affected Products : security_api_activex_sdk- EPSS Score: %3.18
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-4230
Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91854.... Read more
Affected Products : headend_system_release- EPSS Score: %0.85
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
7.9
HIGHCVE-2015-4034
The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.... Read more
Affected Products : galaxy_s5- EPSS Score: %0.25
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025
-
3.3
LOWCVE-2015-4033
Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000.... Read more
Affected Products : s-beam- EPSS Score: %0.43
- Published: Jul. 06, 2015
- Modified: Apr. 12, 2025