Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.
Category Archives: NVD
National Vulnerability Database – This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
CVE-2016-5053
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.
CVE-2015-6021
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response.
CVE-2016-5069
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
CVE-2015-2882
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
CVE-2016-5066
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2015-7275
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.
CVE-2016-5054
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.
CVE-2015-6028
Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.
CVE-2016-5071
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.