2016-02-07
Med.
Low
2016-02-06
Med.
Low
High
Low
2016-02-05
Med.
Low
Low
High
2016-02-04
Low
High
Low
Low
Med.
Low
Med.
Med.
Med.
Low

2016-02-01
CVE-2016-1720 Apple Apple tv
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

2016-01-30
CVE-2016-1141 KDDI Home spot cube firmware
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

2016-01-29
CVE-2015-8792 Matroska Libmatroska
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.

2016-01-27
CVE-2015-7439 IBM Rational software architect
Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML ...

CVE-2015-7487 IBM Change and configuration manag...
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other ...

CVE-2015-7488 IBM Spectrum scale
IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.

CVE-2016-0209 IBM Websphere portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2016-1896 Lexmark Printer firmware
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.

CVE-2016-1982 Privoxy Privoxy
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.

CVE-2016-1983 Privoxy Privoxy
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.

CVE-2016-1300 Cisco Unity connection
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.

2016-01-26
CVE-2015-6337 Cisco Application policy infrastruct...
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.

CVE-2016-1298 Cisco Unified contact center express
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.

CVE-2015-8379 Cakephp Cakephp
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

CVE-2016-0869 Microsys Promotic
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.

CVE-2016-1233 Debian FUSE
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.

CVE-2016-1489 Lenovo Shareit
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.

CVE-2016-1490 Lenovo Shareit
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.

CVE-2016-1491 Lenovo Shareit
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

CVE-2016-1492 Lenovo Shareit
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

Read More

 

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  
 
Full List of Vendors  

 

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 10   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  
 

Full List of Products  


Copyright 2016, cxsecurity.com