Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-11 | CVE-2015-7024 | Unspecified vulnerability in Apple mac OS X Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. | 6.7 |
| 2016-01-11 | CVE-2015-6980 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-01-10 | CVE-2015-7466 | Injection vulnerability in IBM Jazz Reporting Service 6.0 Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. | 3.1 |
| 2016-01-10 | CVE-2015-7465 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service 6.0 Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
| 2016-01-10 | CVE-2015-7397 | Unspecified vulnerability in IBM Websphere Commerce 7.0 Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter. | 7.4 |
| 2016-01-10 | CVE-2015-7116 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Tvos libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. | 4.3 |
| 2016-01-10 | CVE-2015-7115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. | 4.3 |
| 2016-01-09 | CVE-2015-8512 | Improper Access Control vulnerability in Mozilla Firefox OS The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. | 4.6 |
| 2016-01-09 | CVE-2015-8511 | Race Condition vulnerability in Mozilla Firefox OS Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | 6.4 |
| 2016-01-09 | CVE-2015-8510 | Cross-site Scripting vulnerability in Mozilla Firefox OS Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking. | 6.1 |