Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2016-1331 Cross-site Scripting vulnerability in SUN Opensolaris Snv124
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766.
network
low complexity
sun CWE-79
6.1
2016-02-15 CVE-2016-1330 Resource Management Errors vulnerability in Zzinc Keymouse Firmware 3.08
Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746.
low complexity
zzinc CWE-399
6.5
2016-02-15 CVE-2016-1321 Information Exposure vulnerability in Cisco Universal Small Cell Firmware
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
network
low complexity
cisco CWE-200
5.8
2016-02-15 CVE-2016-0232 Information Exposure vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.
network
low complexity
ibm CWE-200
4.3
2016-02-15 CVE-2016-0231 Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.0.0
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs.
network
low complexity
ibm CWE-200
4.3
2016-02-15 CVE-2016-0747 Resource Exhaustion vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
network
low complexity
f5 canonical debian opensuse apple CWE-400
5.3
2016-02-15 CVE-2016-0746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
network
low complexity
f5 canonical debian opensuse apple CWE-416
critical
9.8
2016-02-15 CVE-2016-0742 NULL Pointer Dereference vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
network
low complexity
f5 canonical debian opensuse apple redhat CWE-476
7.5
2016-02-15 CVE-2016-2314 Code vulnerability in Huawei Mt882 Firmware V200R002B022Arg
GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands.
network
low complexity
huawei CWE-17
4.9
2016-02-15 CVE-2016-2231 Data Processing Errors vulnerability in Huawei Mt882 Firmware V200R002B022
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701.
network
low complexity
huawei CWE-19
critical
9.8