Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-01-29 CVE-2016-0754 Improper Input Validation vulnerability in Haxx Curl
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.
network
low complexity
haxx CWE-20
5.3
2016-01-29 CVE-2016-0738 Resource Management Errors vulnerability in Openstack Swift
OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
network
low complexity
openstack CWE-399
7.5
2016-01-29 CVE-2016-0737 Resource Management Errors vulnerability in Openstack Swift
OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
network
low complexity
openstack CWE-399
7.5
2016-01-29 CVE-2015-8773 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee File Lock 5.0
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.
network
low complexity
mcafee CWE-119
7.5
2016-01-29 CVE-2015-8772 Data Processing Errors vulnerability in Mcafee File Lock 5.0
McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call.
network
low complexity
mcafee CWE-19
critical
9.1
2016-01-29 CVE-2015-7521 Improper Authentication vulnerability in Apache Hive
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
network
low complexity
apache CWE-287
8.3
2016-01-29 CVE-2016-1882 Data Processing Errors vulnerability in Freebsd 10.1/10.2/9.3
FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.
network
low complexity
freebsd CWE-19
7.5
2016-01-29 CVE-2016-1879 Unspecified vulnerability in Freebsd 10.1/10.2/9.3
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
network
low complexity
freebsd
7.5
2016-01-29 CVE-2015-8794 Path Traversal vulnerability in Roundcube Webmail 1.1.0/1.1.1
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
network
low complexity
roundcube CWE-22
6.5
2016-01-29 CVE-2015-8793 Cross-site Scripting vulnerability in Roundcube Webmail
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937.
network
low complexity
roundcube CWE-79
6.1