Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2015-12-27 CVE-2015-6005 Cross-site Scripting vulnerability in Progress Whatsup Gold
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.
network
low complexity
progress CWE-79
6.9
2015-12-27 CVE-2015-6004 SQL Injection vulnerability in Progress Whatsup Gold
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
network
low complexity
progress CWE-89
6.5
2015-12-26 CVE-2015-8669 Information Exposure vulnerability in PHPmyadmin
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin CWE-200
5.3
2015-12-26 CVE-2015-6409 Information Exposure vulnerability in Cisco Jabber 10.6(2)
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.
network
high complexity
cisco CWE-200
5.9
2015-12-24 CVE-2015-8664 Numeric Errors vulnerability in Google Chrome
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
network
low complexity
google CWE-189
8.8
2015-12-24 CVE-2015-6792 Unspecified vulnerability in Google Chrome
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
network
low complexity
google
critical
9.8
2015-12-24 CVE-2015-8663 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg 2.8.3
The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.
network
low complexity
ffmpeg CWE-119
8.3
2015-12-24 CVE-2015-8662 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
network
low complexity
ffmpeg CWE-119
7.3
2015-12-24 CVE-2015-8661 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.
network
low complexity
ffmpeg CWE-119
8.3
2015-12-24 CVE-2015-7934 Information Exposure vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.
network
low complexity
adcon CWE-200
8.6