Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-20 | CVE-2016-1927 | 7PK - Security Features vulnerability in PHPmyadmin. The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | 7.5 |
2016-02-19 | CVE-2016-1335 | Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software. The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. | 7.5 |
2016-02-19 | CVE-2016-1156 | Improper Input Validation vulnerability in Linecorp Line 4.3.0.724/4.3.1. LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | 5.7 |
2016-02-19 | CVE-2016-1154 | SQL Injection vulnerability in Cuore Ec-Cube Help Plugin. SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.1 |
2016-02-19 | CVE-2015-7769 | OS Command Injection vulnerability in Basercms. baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 6.3 |
2016-02-19 | CVE-2016-2271 | Unspecified vulnerability in XEN 4.6.0/4.6.1. VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. | 5.5 |
2016-02-19 | CVE-2016-2270 | Improper Input Validation vulnerability in multiple products. Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | 6.8 |
2016-02-18 | CVE-2016-2509 | Information Exposure vulnerability in Belden Hirschmann Firmware and Hirschmann L2B. The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.3 |
2016-02-18 | CVE-2016-1987 | Improper Input Validation vulnerability in HP Hp-Ux Ipfilter A.11.31.18.21. HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. | 5.9 |
2016-02-18 | CVE-2016-0069 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer 10/11/9. Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068. | 8.8 |