Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-23 | CVE-2015-8803 | 7PK - Security Features vulnerability in multiple products The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. | 9.8 |
| 2016-02-23 | CVE-2013-7448 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get. | 7.5 |
| 2016-02-23 | CVE-2016-2537 | Improper Input Validation vulnerability in IS MY Json Valid Project IS MY Json Valid The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. | 7.5 |
| 2016-02-23 | CVE-2016-1157 | Cross-site Scripting vulnerability in Log-Chat Project Log-Chat 1.0 Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-02-22 | CVE-2016-2536 | Resource Management Errors vulnerability in multiple products Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. | 8.8 |
| 2016-02-22 | CVE-2016-2316 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values. | 5.9 |
| 2016-02-22 | CVE-2016-2232 | Unspecified vulnerability in Digium Asterisk and Certified Asterisk Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost. | 6.5 |
| 2016-02-22 | CVE-2016-2037 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. | 6.5 |
| 2016-02-22 | CVE-2016-0725 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string. | 6.1 |
| 2016-02-22 | CVE-2016-0724 | Information Exposure vulnerability in multiple products The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request. | 4.3 |