Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-08 | CVE-2015-8755 | Cross-site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | 5.4 |
| 2016-01-08 | CVE-2015-8754 | Permissions, Privileges, and Access Controls vulnerability in Acquia Mollom The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. | 7.5 |
| 2016-01-08 | CVE-2015-8753 | Permissions, Privileges, and Access Controls vulnerability in SAP Afaria 7.0.6001.5 SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | 9.1 |
| 2016-01-08 | CVE-2015-8668 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. | 9.8 |
| 2016-01-08 | CVE-2015-8615 | 7PK - Security Features vulnerability in XEN 4.6.0 The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ). | 5.0 |
| 2016-01-08 | CVE-2015-8612 | Permissions, Privileges, and Access Controls vulnerability in Blueman Project Blueman 1.99/2.0 The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. | 8.4 |
| 2016-01-08 | CVE-2015-8597 | Unspecified vulnerability in Bluecoat Advanced Secure Gateway and Proxysg Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." | 7.4 |
| 2016-01-08 | CVE-2015-8547 | Code vulnerability in multiple products The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. | 7.5 |
| 2016-01-08 | CVE-2015-8481 | Information Exposure vulnerability in Atlassian Jira Core, Jira Server and Jira Service Desk Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. | 3.1 |
| 2016-01-08 | CVE-2015-8303 | Information Exposure vulnerability in Huawei Document Security Management V100R002C03Spc005 Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. | 4.0 |