Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-01-29 CVE-2015-8792 Information Exposure vulnerability in multiple products
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
network
low complexity
matroska opensuse CWE-200
5.3
2016-01-29 CVE-2015-8791 Information Exposure vulnerability in Matroska Libebml
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.
network
low complexity
matroska CWE-200
4.3
2016-01-29 CVE-2015-8790 Information Exposure vulnerability in Matroska Libebml
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
network
low complexity
matroska CWE-200
4.3
2016-01-29 CVE-2015-8789 Unspecified vulnerability in Matroska Libebml
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
network
low complexity
matroska
critical
9.6
2016-01-29 CVE-2015-8770 Path Traversal vulnerability in Roundcube Webmail
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a ..
network
high complexity
roundcube CWE-22
7.5
2016-01-29 CVE-2015-7464 Unspecified vulnerability in IBM Jazz Reporting Service
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL.
network
low complexity
ibm
7.5
2016-01-28 CVE-2016-0868 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.
network
low complexity
rockwellautomation CWE-119
critical
9.8
2016-01-27 CVE-2016-1300 Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009)
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.
network
low complexity
cisco CWE-79
6.1
2016-01-27 CVE-2016-1299 Resource Management Errors vulnerability in Cisco 300 Series Managed Switch Firmware 1.4.1
The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.
network
low complexity
cisco CWE-399
5.3
2016-01-27 CVE-2015-6421 Resource Management Errors vulnerability in Cisco Wide Area Application Services
cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.
network
low complexity
cisco CWE-399
7.5