| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress. |
| Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. |
| SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. |
| Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. |
| The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2. |
| Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. |
| Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. |
| Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. |
| Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. |
| Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. |
| CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks. |
| Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice. |
| Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. |
| bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. |
| Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company." |
| Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php. |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page |
| A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. |
