Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-28 | CVE-2015-7884 | Information Exposure vulnerability in Linux Kernel The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 2.3 |
| 2015-12-28 | CVE-2015-7509 | Improper Input Validation vulnerability in Linux Kernel fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | 4.4 |
| 2015-12-28 | CVE-2013-7446 | Unspecified vulnerability in Linux Kernel Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. | 5.3 |
| 2015-12-27 | CVE-2015-7783 | Cross-site Scripting vulnerability in Let'S PHP! Pbbs 4.05 Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2015-12-27 | CVE-2015-7665 | Information Exposure vulnerability in Tails Project Tails 1.6 Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. | 5.3 |
| 2015-12-27 | CVE-2015-6538 | Unspecified vulnerability in Ephiphanyheathdata Cardio Server 3.3/4.0/4.1 The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. | 9.8 |
| 2015-12-27 | CVE-2015-6537 | SQL Injection vulnerability in Epiphanyhealthdata Cardio Server 3.3 SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | 9.8 |
| 2015-12-27 | CVE-2015-8263 | Unspecified vulnerability in Netgear Wnr1000V3 and Wnr1000V3 Firmware NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. | 8.6 |
| 2015-12-27 | CVE-2015-8262 | Unspecified vulnerability in Buffalotech products Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | 6.8 |
| 2015-12-27 | CVE-2015-8254 | Insufficient Verification of Data Authenticity vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream. | 5.9 |