Vulnerabilities > Code

DATE CVE VULNERABILITY TITLE RISK
2016-01-31 CVE-2016-1940 Code vulnerability in multiple products
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
network
low complexity
google mozilla CWE-17
5.3
2016-01-22 CVE-2016-1571 Code vulnerability in multiple products
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
network
high complexity
citrix xen CWE-17
6.3
2016-01-08 CVE-2015-8547 Code vulnerability in multiple products
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
network
low complexity
quassel-irc opensuse CWE-17
7.5
2016-01-02 CVE-2015-8027 Code vulnerability in Nodejs Node.Js
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.
network
low complexity
nodejs CWE-17
7.5
2016-01-01 CVE-2015-7410 Code vulnerability in IBM Sterling B2B Integrator 5.2
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-17
7.4
2016-01-01 CVE-2015-4943 Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.
network
low complexity
ibm CWE-17
5.3
2016-01-01 CVE-2015-4941 Code vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
network
low complexity
ibm CWE-17
5.3
2016-01-01 CVE-2015-7441 Code vulnerability in IBM Business Process Manager and Websphere Process Server
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-17
6.8
2015-12-30 CVE-2015-7793 Code vulnerability in Corega Cg-Wlbaragm Firmware
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.
network
low complexity
corega CWE-17
5.8