U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,331 matching records.
Displaying matches 145,501 through 145,520.
Vuln ID Summary CVSS Severity
CVE-2015-6021

Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-2889

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.

Published: April 09, 2017; 11:59:00 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-2888

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.

Published: April 09, 2017; 11:59:00 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2015-2887

iBaby M3S has a password of admin for the backdoor admin account.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-2886

iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-2885

Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-2884

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-2883

Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2015-2882

Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-2881

Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-2880

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2014-2960

Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files.

Published: April 09, 2017; 11:59:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-7614

elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-7613

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7612

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7611

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7610

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7609

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7608

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7607

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM