Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-31 CVE-2016-1937 Cross-site Scripting vulnerability in multiple products
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.
network
low complexity
mozilla opensuse CWE-79
6.1
6.1
2016-01-31 CVE-2016-1933 Numeric Errors vulnerability in multiple products
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.
network
low complexity
opensuse mozilla CWE-189
6.5
6.5
2016-01-30 CVE-2016-1144 Cross-site Scripting vulnerability in Websquare Job-Cube
Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
websquare CWE-79
5.4
5.4
2016-01-30 CVE-2016-1143 Cross-site Scripting vulnerability in Vine MV Project Vine MV 20150909
Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
vine-mv-project CWE-79
6.1
6.1
2016-01-30 CVE-2016-1141 OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
kddi CWE-78
4.7
4.7
2016-01-30 CVE-2016-1140 7PK - Security Features vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
network
low complexity
kddi CWE-254
6.1
6.1
2016-01-30 CVE-2016-1138 Unspecified vulnerability in Kddi Home Spot Cube Firmware 2.0
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
network
low complexity
kddi
4.7
4.7
2016-01-30 CVE-2016-1136 Cross-site Scripting vulnerability in Kddi Home Spot Cube Firmware 2.0
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
kddi CWE-79
5.4
5.4
2016-01-30 CVE-2016-1488 Cross-site Scripting vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
siemens CWE-79
6.1
6.1
2016-01-30 CVE-2016-1304 Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009)
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.
network
low complexity
cisco CWE-79
6.1
6.1