Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-02-24 CVE-2016-1341 Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os 7.0(1)N1(1)/7.0(1)N1(3)/7.0(4)N1(1)
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.
network
low complexity
cisco CWE-264
critical
9.8
2016-02-24 CVE-2015-8277 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexerasoftware Flexnet Publisher 11.10/11.13.1.0
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.
network
low complexity
flexerasoftware CWE-119
critical
9.8
2016-02-23 CVE-2015-8805 Cryptographic Issues vulnerability in multiple products
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
network
low complexity
nettle-project canonical opensuse CWE-310
critical
9.8
2016-02-23 CVE-2015-8804 7PK - Security Features vulnerability in multiple products
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
network
low complexity
nettle-project canonical opensuse CWE-254
critical
9.8
2016-02-23 CVE-2015-8803 7PK - Security Features vulnerability in multiple products
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
network
low complexity
nettle-project canonical opensuse CWE-254
critical
9.8
2016-02-23 CVE-2013-7448 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
network
low complexity
debian didiwiki-project CWE-22
7.5
2016-02-23 CVE-2016-2537 Improper Input Validation vulnerability in IS MY Json Valid Project IS MY Json Valid
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.
network
low complexity
is-my-json-valid-project CWE-20
7.5
2016-02-23 CVE-2016-1157 Cross-site Scripting vulnerability in Log-Chat Project Log-Chat 1.0
Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
log-chat-project CWE-79
6.1
2016-02-22 CVE-2016-2536 Resource Management Errors vulnerability in multiple products
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document.
network
low complexity
sap google CWE-399
8.8
2016-02-22 CVE-2016-2316 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
network
high complexity
fedoraproject digium CWE-191
5.9