Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-12-27 | CVE-2015-6005 | Cross-site Scripting vulnerability in Progress Whatsup Gold Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | 6.9 |
2015-12-27 | CVE-2015-6004 | SQL Injection vulnerability in Progress Whatsup Gold Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | 6.5 |
2015-12-26 | CVE-2015-8669 | Information Exposure vulnerability in PHPmyadmin libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | 5.3 |
2015-12-26 | CVE-2015-6409 | Information Exposure vulnerability in Cisco Jabber 10.6(2) Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419. | 5.9 |
2015-12-24 | CVE-2015-8664 | Numeric Errors vulnerability in Google Chrome Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792. | 8.8 |
2015-12-24 | CVE-2015-6792 | Unspecified vulnerability in Google Chrome The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. | 9.8 |
2015-12-24 | CVE-2015-8663 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg 2.8.3 The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. | 8.3 |
2015-12-24 | CVE-2015-8662 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | 7.3 |
2015-12-24 | CVE-2015-8661 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. | 8.3 |
2015-12-24 | CVE-2015-7934 | Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. | 8.6 |