Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-08 | CVE-2015-8226 | Improper Input Validation vulnerability in Huawei ALE Firmware and Gem-703L Firmware The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225. | 5.5 |
| 2016-01-08 | CVE-2015-8225 | Improper Input Validation vulnerability in Huawei ALE Firmware and Gem-703L Firmware The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226. | 5.5 |
| 2016-01-08 | CVE-2015-7758 | Link Following vulnerability in multiple products Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | 3.3 |
| 2016-01-08 | CVE-2015-7754 | Improper Input Validation vulnerability in Juniper Screenos 6.3.0 Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | 8.1 |
| 2016-01-08 | CVE-2015-7554 | 7PK - Security Features vulnerability in Libtiff 4.0.6 The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. | 9.8 |
| 2016-01-08 | CVE-2015-7519 | Improper Input Validation vulnerability in Phusionpassenger Phusion Passenger agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header. | 3.7 |
| 2016-01-08 | CVE-2015-7362 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program. | 7.8 |
| 2016-01-08 | CVE-2015-7328 | Information Exposure vulnerability in Puppet Enterprise Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors. | 4.7 |
| 2016-01-08 | CVE-2015-6856 | Permissions, Privileges, and Access Controls vulnerability in Dell Pre-Boot Authentication Driver 1.0.1.5 Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. | 7.8 |
| 2016-01-08 | CVE-2015-5259 | Numeric Errors vulnerability in Apache Subversion 1.9.0/1.9.1/1.9.2 Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. | 8.6 |