Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-10 | CVE-2015-7397 | Unspecified vulnerability in IBM Websphere Commerce 7.0 Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter. | 7.4 |
| 2016-01-10 | CVE-2015-7116 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Tvos libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. | 4.3 |
| 2016-01-10 | CVE-2015-7115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. | 4.3 |
| 2016-01-09 | CVE-2015-8512 | Improper Access Control vulnerability in Mozilla Firefox OS The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. | 4.6 |
| 2016-01-09 | CVE-2015-8511 | Race Condition vulnerability in Mozilla Firefox OS Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | 6.4 |
| 2016-01-09 | CVE-2015-8510 | Cross-site Scripting vulnerability in Mozilla Firefox OS Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking. | 6.1 |
| 2016-01-09 | CVE-2015-7939 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unitronics Visilogic Oplc IDE 9.8.0.00 Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. | 9.6 |
| 2016-01-09 | CVE-2015-7938 | Improper Authentication vulnerability in Advantech Eki-1321 Series Firmware and Eki-1322 Series Firmware Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. | 9.8 |
| 2016-01-09 | CVE-2015-7575 | Data Processing Errors vulnerability in multiple products Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. | 5.9 |
| 2016-01-09 | CVE-2015-7117 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Quicktime Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7092. | 6.6 |