Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-01-29 | CVE-2015-8792 | Information Exposure vulnerability in multiple products: The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. | 5.3 |
2016-01-29 | CVE-2015-8791 | Information Exposure vulnerability in Matroska Libebml: The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. | 4.3 |
2016-01-29 | CVE-2015-8790 | Information Exposure vulnerability in Matroska Libebml: The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access. | 4.3 |
2016-01-29 | CVE-2015-8789 | Unspecified vulnerability in Matroska Libebml: Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. | 9.6 |
2016-01-29 | CVE-2015-8770 | Path Traversal vulnerability in Roundcube Webmail: Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. | 7.5 |
2016-01-29 | CVE-2015-7464 | Unspecified vulnerability in IBM Jazz Reporting Service: Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL. | 7.5 |
2016-01-28 | CVE-2016-0868 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products: Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request. | 9.8 |
2016-01-27 | CVE-2016-1300 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009): Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | 6.1 |
2016-01-27 | CVE-2016-1299 | Resource Management Errors vulnerability in Cisco 300 Series Managed Switch Firmware 1.4.1: The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174. | 5.3 |
2016-01-27 | CVE-2015-6421 | Resource Management Errors vulnerability in Cisco Wide Area Application Services: cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330. | 7.5 |